Issue5212
Created on 2009-02-11 00:39 by brainsik, last changed 2022-04-11 14:56 by admin. This issue is now closed.
| Messages (6) | |||
|---|---|---|---|
| msg81615 - (view) | Author: .:. brainsik (brainsik) | Date: 2009-02-11 00:39 | |
The HMAC module page [1] says: Note: The md5 hash has known weaknesses but remains the default for backwards compatibility. Choose a better one for your application. However, according to the "Hash Collision Q&A" [2] linked to from the hashlib module [3], md5 is not vulnerable when used in an HMAC: Q: Do these attacks break HMAC using MD5 or SHA-1? A: No. Because of the way hash functions are used in the HMAC construction, the techniques used in these recent attacks do not apply. It seems like the note is incorrect. 1. http://docs.python.org/library/hmac.html 2. http://www.cryptography.com/cnews/hash.html 3. http://docs.python.org/library/hashlib.html |
|||
| msg81616 - (view) | Author: .:. brainsik (brainsik) | Date: 2009-02-11 00:44 | |
Bruce Schneier also says (regarding the SHA-1 collision attacks), "it doesn't affect applications such as HMAC where collisions aren't important": http://www.schneier.com/blog/archives/2005/02/sha1_broken.html |
|||
| msg108667 - (view) | Author: Terry J. Reedy (terry.reedy) *  |
Date: 2010-06-26 00:50 | |
Are you proposing that the note be removed entirely (and ignore the results it is based on) or just reworded? If it were removed, I could imagine complaints. If reword, specifically how? |
|||
| msg108892 - (view) | Author: .:. brainsik (brainsik) | Date: 2010-06-29 05:05 | |
Since the note is incorrect, it seems like it should be removed. What "results it is based on" are you referring to and what complaints are you concerned about? |
|||
| msg108893 - (view) | Author: Terry J. Reedy (terry.reedy) * |
Date: 2010-06-29 05:10 | |
The supposed 'known weaknesses'. I have no particular opinion. Anyway, we have your recommendation: remove the note. I will let others defend it. |
|||
| msg118923 - (view) | Author: Georg Brandl (georg.brandl) * |
Date: 2010-10-17 10:09 | |
Removed note in r85617. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:56:45 | admin | set | github: 49462 |
| 2010-10-17 10:09:15 | georg.brandl | set | status: open -> closed resolution: fixed messages: + msg118923 |
| 2010-06-29 05:10:44 | terry.reedy | set | messages: + msg108893 |
| 2010-06-29 05:05:08 | brainsik | set | messages: + msg108892 |
| 2010-06-26 00:50:49 | terry.reedy | set | assignee: georg.brandl -> docs@python messages:
+ msg108667 |
| 2010-06-26 00:47:20 | terry.reedy | set | versions: + Python 3.1, Python 2.7, Python 3.2, - Python 2.5, Python 3.0 |
| 2009-02-11 00:44:23 | brainsik | set | messages: + msg81616 |
| 2009-02-11 00:39:50 | brainsik | create | |