[Python-Dev] SHA-256 module
Tim Peters
tim.peters at gmail.com
Sun Sep 12 00:43:27 CEST 2004
[Michael Hudson, on 30 June 2004]
>> Nevertheless, am I right to still believe that there are no known
>> distinct strings which even MD5 to the same hash?
[Andrew Kuchling]
> Correct.
And two months later, the world is all different again:
"""
import md5
S = ('\xd11\xdd\x02\xc5\xe6\xee\xc4i=\x9a\x06\x98\xaf\xf9\\'
'/\xca\xb5\x87\x12F~\xab@\x04X>\xb8\xfb\x7f\x89U\xad4'
'\x06\t\xf4\xb3\x02\x83\xe4\x88\x83%qAZ\x08Q%\xe8\xf7'
'\xcd\xc9\x9f\xd9\x1d\xbd\xf2\x807<[\x96\x0b\x1d\xd1'
'\xdcA{\x9c\xe4\xd8\x97\xf4ZeU\xd55s\x9a\xc7\xf0\xeb'
'\xfd\x0c0)\xf1f\xd1\t\xb1\x8fu\'\x7fy0\xd5\\\xeb"'
'\xe8\xad\xbay\xcc\x15\\\xedt\xcb\xdd_\xc5\xd3m\xb1'
'\x9b\n\xd85\xcc\xa7\xe3')
T = ('\xd11\xdd\x02\xc5\xe6\xee\xc4i=\x9a\x06\x98\xaf\xf9\\'
'/\xca\xb5\x07\x12F~\xab@\x04X>\xb8\xfb\x7f\x89U\xad4'
'\x06\t\xf4\xb3\x02\x83\xe4\x88\x83%\xf1AZ\x08Q%\xe8\xf7'
'\xcd\xc9\x9f\xd9\x1d\xbdr\x807<[\x96\x0b\x1d\xd1\xdcA{'
'\x9c\xe4\xd8\x97\xf4ZeU\xd55s\x9aG\xf0\xeb\xfd\x0c0)'
'\xf1f\xd1\t\xb1\x8fu\'\x7fy0\xd5\\\xeb"\xe8\xad\xbayL'
'\x15\\\xedt\xcb\xdd_\xc5\xd3m\xb1\x9b\nX5\xcc\xa7\xe3')
assert S != T
print md5.new(S).hexdigest()
print md5.new(T).hexdigest()
print "oops"
"""
A number of hash functions got cracked since this thread started, by
some researchers in China:
http://eprint.iacr.org/2004/199.pdf
MD5 is truly dead now for "secure" applications. Maybe someone who
gives a rip <wink> could update the docs.
Best I understand it, SHA-1 still stands, although a variant with half
the rounds has been cracked. It does increase the desirability (IMO)
of adding SHA-256, lest SHA-1 get cracked too while Python 2.4.j is
still current.
More information about the Python-Dev
mailing list