[Python-Dev] New hash algorithms: SHA3, SHAKE, BLAKE2, truncated SHA512
Brett Cannon
brett at python.org
Sat May 28 17:06:49 EDT 2016
On Sat, May 28, 2016, 13:58 Christian Heimes <christian at python.org> wrote:
> On 2016-05-27 03:54, M.-A. Lemburg wrote:
> > On 27.05.2016 06:54, Raymond Hettinger wrote:
> >>
> >>> On May 25, 2016, at 3:29 AM, Christian Heimes <christian at python.org>
> wrote:
> >>>
> >>> I have three hashing-related patches for Python 3.6 that are waiting
> for
> >>> review. Altogether the three patches add ten new hash algorithms to the
> >>> hashlib module: SHA3 (224, 256, 384, 512), SHAKE (SHA3 XOF 128, 256),
> >>> BLAKE2 (blake2b, blake2s) and truncated SHA512 (224, 256).
> >>
> >> Do we really need ten? I don't think the standard library is the place
> to offer all variants of hashing. And we should avoid getting in a cycle
> of "this was just released by NIST" and "nobody uses that one anymore". Is
> any one of them an emergent best practice (i.e. starting to be commonly
> used in network protocols because it is better, faster, stronger, etc)?
> >>
> >> Your last message on https://bugs.python.org/issue16113 suggests that
> these aren't essential and that there is room for debate about whether some
> of them are standard-library worthy (i.e. we will have them around forever).
> >
> > I can understand your eagerness to get this landed, since it's
> > been 4 years since work started, but I think we should wait with
> > the addition until OpenSSL has them:
> >
> > https://github.com/openssl/openssl/issues/439
> >
> > The current patch is 1.2MB for SHA-3 - that's pretty heavy for just
> > a few hash functions, which aren't in any wide spread use yet and
> > probably won't be for quite a few years ahead.
>
> About 1 MB of the 1.2 MB are test vectors for SHA3. Strictly speaking
> the test vectors are not required.
>
We can always make the test vector file an external download like we do for
some of the codec tests.
-brett
> > IMO, relying on OpenSSL is a better strategy than providing
> > (and maintaining) our own compatibility versions. Until OpenSSL
> > has them, people can use Björn's package:
> >
> > https://github.com/bjornedstrom/python-sha3
> >
> > Perhaps you could join forces with Björn to create a standard
> > SHA-3 standalone package on PyPI based on your two variants
> > which we could recommend to people in the docs ?!
>
> I have been maintaining my own SHA3 module for couple of years. A month
> ago I moved my code to github and ported it to the new Keccak Code
> Package. The standalone package uses the same code as my patch but also
> provides the old Keccak hashes and works on Python 2.7.
>
> https://github.com/tiran/pysha3
> https://pypi.python.org/pypi/pysha3
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe:
> https://mail.python.org/mailman/options/python-dev/brett%40python.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20160528/8b608382/attachment.html>
More information about the Python-Dev
mailing list