Issue 28384: [doc] hmac cannot be used with shake algorithms (original) (raw)

HMAC digest methods call inner.digest() with no arguments, but new-in-3.6 shake algorithms require a length argument.

possible solutions:

1. add optional length argument to HMAC.[hex]digest, and pass through to inner hash object
2. set hmac.digest_size, and use that to pass through to inner hash object if inner hash object has digest_size == 0
3. give shake hashers a default value for length in digest methods (logically 32 for shake_256, 16 for shake_128, I think)

test:

import hmac, hashlib

h = hmac.HMAC(b'secret', digestmod=hashlib.shake_256) h.hexdigest() # raises on self.inner.digest() requires length argument

It's not a bug, but indented behavior. It does not make any sense to use SHAKE with the HMAC construct. In fact it does not make sense to combine Keccak sponge or Blake2 with HMAC at all. HMAC is only necessary for old, Merkle-Damgard hashing algorithms like MD5, SHA1 and SHA2, because they are subject to length extension attacks.

The correct solution is 4. improve documentation