[New-bugs-announce] [issue17006] Warn users about hashing secrets?
report at bugs.python.org
Mon Jan 21 09:48:02 CET 2013
New submission from Christian Heimes:
Lots of people still think that something like sha512(secret + message), sha1(password + salt) or even sha1(password) is secure. Except it isn't. Most crypto hash functions like md5, sha1, sha2 family (sha256, sha384, sha512) use a Merkle–Damgård construction. The construction is vulnerable to several attack vectors like length extension attacks. Passwords need special care, too.
I propose we add a warning to the documentation of hashlib. It's not the right place to teach cryptography but it's a good place to raise attention. The warning should explain that you shouldn't solely hash secrets or messages containing a secret. For messages a MAC algorithm like HMAC should be used. For passwords a key stretching and key derivation function like PBKDF2, bcrypt or scrypt is much more secure.
assignee: docs at python
nosy: christian.heimes, docs at python
title: Warn users about hashing secrets?
versions: Python 2.7, Python 3.3, Python 3.4
Python tracker <report at bugs.python.org>
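
The distinction the report draws, shown with the standard library as an added example (not part of the tracker message or the hashlib documentation). The function names, the sample key and message, and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample values, for illustration only.
SECRET_KEY = b"constructed-demo-key"
MESSAGE = b"amount=10&to=alice"

# Assumed work factor; tune it to the deployment's hardware and latency budget.
PBKDF2_ITERATIONS = 600_000


def naive_tag(key: bytes, message: bytes) -> str:
    """The pattern the report warns about: sha512(secret + message)."""
    return hashlib.sha512(key + message).hexdigest()


def mac_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA512: a keyed construction that is not subject to length extension."""
    return hmac.new(key, message, hashlib.sha512).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time to avoid a timing leak."""
    return hmac.compare_digest(mac_tag(key, message), tag)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a storage hash with PBKDF2-HMAC-SHA256 and a random per-user salt."""
    if salt is None:
        salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, derived


def check_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, derived = hash_password(password, salt)
    return hmac.compare_digest(derived, expected)
```

Store the salt and iteration count alongside the derived hash so the work factor can be raised later without invalidating existing records.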