On Sat, May 28, 2016, 13:58 Christian Heimes <christian@python.org> wrote:
On 2016-05-27 03:54, M.-A. Lemburg wrote:
> On 27.05.2016 06:54, Raymond Hettinger wrote:
>>
>>> On May 25, 2016, at 3:29 AM, Christian Heimes <christian@python.org> wrote:
>>>
>>> I have three hashing-related patches for Python 3.6 that are waiting for
>>> review. Altogether the three patches add ten new hash algorithms to the
>>> hashlib module: SHA3 (224, 256, 384, 512), SHAKE (SHA3 XOF 128, 256),
>>> BLAKE2 (blake2b, blake2s) and truncated SHA512 (224, 256).
>>
>> Do we really need ten?  I don't think the standard library is the place to offer all variants of hashing.  And we should avoid getting in a cycle of "this was just released by NIST" and "nobody uses that one anymore".  Is any one of them an emergent best practice (i.e. starting to be commonly used in network protocols because it is better, faster, stronger, etc)?
>>
>> Your last message on https://bugs.python.org/issue16113 suggests that these aren't essential and that there is room for debate about whether some of them are standard-library worthy (i.e. we will have them around forever).
>
> I can understand your eagerness to get this landed, since it's
> been 4 years since work started, but I think we should wait with
> the addition until OpenSSL has them:
>
> https://github.com/openssl/openssl/issues/439
>
> The current patch is 1.2MB for SHA-3 - that's pretty heavy for just
> a few hash functions, which aren't in any wide spread use yet and
> probably won't be for quite a few years ahead.

About 1 MB of the 1.2 MB are test vectors for SHA3. Strictly speaking
the test vectors are not required.

We can always make the test vector file an external download like we do for some of the codec tests.

-brett



> IMO, relying on OpenSSL is a better strategy than providing
> (and maintaining) our own compatibility versions. Until OpenSSL
> has them, people can use Björn's package:
>
> https://github.com/bjornedstrom/python-sha3
>
> Perhaps you could join forces with Björn to create a standard
> SHA-3 standalone package on PyPI based on your two variants
> which we could recommend to people in the docs ?!

I have been maintaining my own SHA3 module for couple of years. A month
ago I moved my code to github and ported it to the new Keccak Code
Package. The standalone package uses the same code as my patch but also
provides the old Keccak hashes and works on Python 2.7.

https://github.com/tiran/pysha3
https://pypi.python.org/pypi/pysha3
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: https://mail.python.org/mailman/options/python-dev/brett%40python.org