[New-bugs-announce] [issue17006] Warn users about hashing secrets?

Christian Heimes report at bugs.python.org
Mon Jan 21 09:48:02 CET 2013

New submission from Christian Heimes:

Lots of people still think that something like sha512(secret + message), sha1(password + salt) or even sha1(password) is secure. Except it isn't. Most crypto hash functions like md5, sha1, sha2 family (sha256, sha384, sha512) use a Merkle–Damgård construction [1]. The construction is vulnerable to several attack vectors like length extension attacks. Passwords need special care, too.

I propose we add a warning to the documentation of hashlib. It's not the right place to teach cryptography but it's a good place to raise attention. The warning should explain that you shouldn't solely hash secrets or messages containing a secret. For messages a MAC algorithm like HMAC should be used. For passwords a key stretching and key derivation function like PBKDF2, bcrypt or scrypt is much more secure.

[1] http://en.wikipedia.org/wiki/Merkle%E2%80%93Damg%C3%A5rd_construction

assignee: docs at python
components: Documentation
messages: 180330
nosy: christian.heimes, docs at python
priority: normal
severity: normal
status: open
title: Warn users about hashing secrets?
type: enhancement
versions: Python 2.7, Python 3.3, Python 3.4
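
Added example, not part of the original report or of the hashlib documentation: the sha512(secret + message) pattern named above beside the HMAC and PBKDF2 replacements the report recommends, using only the standard library (hashlib.pbkdf2_hmac needs Python 3.4 or later). The function names, record format, iteration count and sample values are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; tune it for your own hardware.
PBKDF2_ITERATIONS = 200_000

def naive_tag(secret: bytes, message: bytes) -> str:
    """The pattern the report warns about: sha512(secret + message)."""
    return hashlib.sha512(secret + message).hexdigest()

def mac_tag(secret: bytes, message: bytes) -> str:
    """Authenticate a message with HMAC-SHA512 instead of a bare hash."""
    return hmac.new(secret, message, hashlib.sha512).hexdigest()

def mac_verify(secret: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(mac_tag(secret, message), tag)

def hash_password(password: str, salt: bytes = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a storable record: algorithm$iterations$salt_hex$key_hex."""
    salt = os.urandom(16) if salt is None else salt  # fresh salt per password
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), key.hex())

def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count, then compare."""
    try:
        algo, iterations, salt_hex, key_hex = record.split("$")
        iters = int(iterations)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
    except ValueError:
        return False  # malformed record
    if algo != "pbkdf2_sha256" or iters < 1:
        return False
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iters)
    return hmac.compare_digest(key, expected)

if __name__ == "__main__":
    # Constructed sample values, for demonstration only.
    secret, msg = b"constructed-demo-key", b"amount=100&to=alice"
    tag = mac_tag(secret, msg)
    print("valid message:   ", mac_verify(secret, msg, tag))
    print("modified message:", mac_verify(secret, msg + b"&x=1", tag))
    record = hash_password("correct horse")
    print("password check:  ", verify_password("correct horse", record))
```
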

