[Python-Dev] New hash algorithms: SHA3, SHAKE, BLAKE2, truncated SHA512 (original) (raw)
M.-A. Lemburg mal at egenix.com
Fri May 27 06:54:49 EDT 2016
- Previous message (by thread): [Python-Dev] New hash algorithms: SHA3, SHAKE, BLAKE2, truncated SHA512
- Next message (by thread): [Python-Dev] New hash algorithms: SHA3, SHAKE, BLAKE2, truncated SHA512
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 27.05.2016 06:54, Raymond Hettinger wrote:
On May 25, 2016, at 3:29 AM, Christian Heimes <christian at python.org> wrote:
I have three hashing-related patches for Python 3.6 that are waiting for review. Altogether the three patches add ten new hash algorithms to the hashlib module: SHA3 (224, 256, 384, 512), SHAKE (SHA3 XOF 128, 256), BLAKE2 (blake2b, blake2s) and truncated SHA512 (224, 256). Do we really need ten? I don't think the standard library is the place to offer all variants of hashing. And we should avoid getting in a cycle of "this was just released by NIST" and "nobody uses that one anymore". Is any one of them an emergent best practice (i.e. starting to be commonly used in network protocols because it is better, faster, stronger, etc)? Your last message on https://bugs.python.org/issue16113 suggests that these aren't essential and that there is room for debate about whether some of them are standard-library worthy (i.e. we will have them around forever).
I can understand your eagerness to get this landed, since it's been 4 years since work started, but I think we should wait with the addition until OpenSSL has them:
https://github.com/openssl/openssl/issues/439
The current patch is 1.2MB for SHA-3 - that's pretty heavy for just a few hash functions, which aren't in any wide spread use yet and probably won't be for quite a few years ahead.
IMO, relying on OpenSSL is a better strategy than providing (and maintaining) our own compatibility versions. Until OpenSSL has them, people can use Björn's package:
https://github.com/bjornedstrom/python-sha3
Perhaps you could join forces with Björn to create a standard SHA-3 standalone package on PyPI based on your two variants which we could recommend to people in the docs ?!
-- Marc-Andre Lemburg eGenix.com
Professional Python Services directly from the Experts (#1, May 27 2016)
Python Projects, Coaching and Consulting ... http://www.egenix.com/ Python Database Interfaces ... http://products.egenix.com/ Plone/Zope Database Interfaces ... http://zope.egenix.com/
::: We implement business ideas - efficiently in both time and costs :::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ http://www.malemburg.com/
- Previous message (by thread): [Python-Dev] New hash algorithms: SHA3, SHAKE, BLAKE2, truncated SHA512
- Next message (by thread): [Python-Dev] New hash algorithms: SHA3, SHAKE, BLAKE2, truncated SHA512
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]