[Python-checkins] commit of r41727 - python/trunk/Misc/NEWS

tim.peters python-checkins at python.org
Sat Dec 17 00:14:03 CET 2005


Author: tim.peters
Date: Sat Dec 17 00:13:57 2005
New Revision: 41727

Modified:
   python/trunk/Misc/NEWS
Log:
More text about the pragmatic significance of hashlib.


Modified: python/trunk/Misc/NEWS
==============================================================================
--- python/trunk/Misc/NEWS	(original)
+++ python/trunk/Misc/NEWS	Sat Dec 17 00:13:57 2005
@@ -27,7 +27,7 @@
   at ftp.unicode.org and contain a few updates (e.g. the Mac OS
   encodings now include a mapping for the Apple logo)
 
-- Added a few more codecs for Mac OS encodings 
+- Added a few more codecs for Mac OS encodings
 
 - Speed up some Unicode operations.
 
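Review bot: The trailing-whitespace removal on the "Added a few more codecs for Mac OS encodings" line is unrelated to the hashlib text and is not covered by the log message ("More text about the pragmatic significance of hashlib."). Consider committing whitespace cleanup separately, or mentioning it in the log, so the history of the hashlib entry stays easy to follow.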
@@ -293,7 +293,16 @@
 -------
 
 - Added the hashlib module.  It provides secure hash functions for MD5 and
-  SHA1, 224, 256, 384, and 512.
+  SHA1, 224, 256, 384, and 512.  Note that recent developments make the
+  historic MD5 and SHA1 unsuitable for cryptographic-strength applications.
+  In <http://mail.python.org/pipermail/python-dev/2005-December/058850.html>
+  Ronald L. Rivest offered this advice for Python:
+
+      "The consensus of researchers in this area (at least as
+      expressed at the NIST Hash Function Workshop 10/31/05),
+      is that SHA-256 is a good choice for the time being, but
+      that research should continue, and other alternatives may
+      arise from this research.  The larger SHA's also seem OK."
 
 - Added a subset of Fredrik Lundh's ElementTree package.  Available
   modules are xml.etree.ElementTree, xml.etree.ElementPath, and
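Review bot: The unchanged first sentence still says hashlib "provides secure hash functions for MD5 and SHA1", which now contradicts the added statement that MD5 and SHA1 are unsuitable for cryptographic-strength applications. Suggest dropping "secure" from that sentence, or rewording it so the claim applies only to the SHA-2 sizes. The recommendation to use SHA-256 or larger currently appears only inside the Rivest quote; stating it once in the entry's own words would make the guidance easier to find. "Recent developments" is also vague for a NEWS file that will be read long after this release, so a short pointer to what they are would age better.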
@@ -458,13 +467,13 @@
   disables recursive traversal through instance attributes, which can
   be exploited in various ways.
 
-- Bug #1222790: in SimpleXMLRPCServer, set the reuse-address and close-on-exec 
+- Bug #1222790: in SimpleXMLRPCServer, set the reuse-address and close-on-exec
   flags on the HTTP listening socket.
 
 - Bug #792570: SimpleXMLRPCServer had problems if the request grew too large.
   Fixed by reading the HTTP body in chunks instead of one big socket.read().
 
-- Patches #893642, #1039083: add allow_none, encoding arguments to constructors of 
+- Patches #893642, #1039083: add allow_none, encoding arguments to constructors of
   SimpleXMLRPCServer and CGIXMLRPCRequestHandler.
 
 - Bug #1110478: Revert os.environ.update to do putenv again.

