I suggest that SHA224 does not qualify as "SHA256 or better". Truncating any hash should not be considered equivalent or better. Reductio ad absurdum: truncate to 128 bits, 16 bits, 8 bits, or 1 bit. On Mon, 2021-03-29 at 08:15 +0000, Theallredman via Python-Dev wrote:

No need to be condescending.  Trust me when I say I know the bit length relates to the collision resistance.  Also trust me when I say there are other dimensions upon which to consider one hash algo over another other then just collision resistance such as, power consumption, execution time, whether or not the algorithm suffers from length extension attacks.

I'm assuming the reason MD5 and SHA1 were both disallowed were because they have been proven to have a collision resistance less then 1/2 their bit length.  But this is not the case for SHA224.  It is just a truncated version of SHA256 and thus the underlying algorithm is just as strong as SHA256 except that you can expect to find a collision in about 16 bits of work less.

So going back to my actual question SHA224 is disallowed in record files because it's bit length is less then 256? _______________________________________________ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-leave@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/NKMWTOLR... Code of Conduct: http://python.org/psf/codeofconduct/

I meant to exclude md5 and sha1, e.g. hash functions with known problems. SHA224 would be a weird choice but it wouldn't personally offend me otherwise. It would be fun to see how many wheel handlers support non-sha256 hash functions. On Mon, Mar 29, 2021 at 9:56 PM Theallredman via Python-Dev < python-dev@python.org> wrote:

Thank you. I can't think of a compelling reason someone would want to choose SHA224 over SHA256 in the context of wheel generation. It just that the PEPs are usually pretty explicit and SHA224 seemed to be implicitly excluded from RECORD files. And I'm considering the details of making a pretty pedantic wheel generation PEP517 backend.

Eldon

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Monday, March 29, 2021 2:16 PM, Paul Moore wrote:

...

On Mon, 29 Mar 2021 at 17:40, Theallredman via Python-Dev python-dev@python.org wrote:

...

So going back to my actual question SHA224 is disallowed in record files because it's bit length is less then 256?

It doesn't look like it's ever been excluded. The only explicit exclusions are MD5 and SHA1 as you point out. Do you have a particular reason to want to use SHA224? Pretty much everyone is using SHA256, as far as I know.

Paul

_______________________________________________ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-leave@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/NB6MLDDD... Code of Conduct: http://python.org/psf/codeofconduct/