[New-bugs-announce] [issue38270] Tests: Avoid MD5 or check for MD5 availablity
Christian Heimes
report at bugs.python.org
Wed Sep 25 06:09:58 EDT 2019
New submission from Christian Heimes <lists at cheimes.de>:
MD5 hash digest algorithm has known security issues and is getting blocked on systems with strict security policies.
Python uses MD5 in several unittests. These tests should either avoid MD5 and use SHA256 instead. Or tests that really require MD5 should check for the availability of MD5 and skip these tests. The latter are network-related tests that check for digest auth or CRAM-MD5 auth.
Avoidable use of MD5:
* test_hmac tests for default constructor
* test_tarfile checksum
Tests that require MD5:
* test_urllib2_localnet digest auth
* CRAM-MD5 in test_imaplib, test_poplib, test_smtplib
----------
assignee: christian.heimes
components: Tests
messages: 353162
nosy: christian.heimes
priority: high
severity: normal
status: open
title: Tests: Avoid MD5 or check for MD5 availablity
type: resource usage
versions: Python 3.7, Python 3.8, Python 3.9
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue38270>
_______________________________________
More information about the New-bugs-announce
mailing list