[Python-Dev] New hash algorithms: SHA3, SHAKE, BLAKE2, truncated SHA512
Christian Heimes
christian at python.org
Sat May 28 17:13:28 EDT 2016
On 2016-05-27 14:41, M.-A. Lemburg wrote:
> On 27.05.2016 22:58, Ryan Gonzalez wrote:
>> On May 27, 2016 3:04 PM, "Victor Stinner" <victor.stinner at gmail.com> wrote:
>>>
>>> Le vendredi 27 mai 2016, M.-A. Lemburg <mal at egenix.com> a écrit :
>>>>
>>>> The current patch is 1.2MB for SHA-3 - that's pretty heavy for just
>>>> a few hash functions, which aren't in any wide spread use yet and
>>>> probably won't be for quite a few years ahead.
>>>
>>>
>>> Oh wow, it's so fat? Why is it so big? Can't we use a lighter version?
>>>
>>
>> The stark majority of the patch is Lib/test/vectors/sha3_224.txt, which
>> seems to be (as the file path implies) just test data. A whopping >1k LOC
>> of really long hashes.
>
> Right. There's about 1MB test data in the patch, but even
> without that data, the patch adds more than 6400 lines of code.
The KeccakCodePackage is rather large. I already removed all unnecessary
files and modified some files so more code is shared between 32 and
64bit optimized variants. Please keep in mind that the KCP contains
multiple implementations with different optimizations for CPU
architectures. I already removed the ARM NEON optimization.
I also don't get your obsession with lines of code. The gzip and expat
are far bigger than the KeccakCodePackage.
> If we add this now, there should at least be an exit strategy
> to remove the code again, when OpenSSL ships with the same
> code, IMO.
>
> Aside: BLAKE2 has already landed in OpenSSL 1.1.0:
>
> https://github.com/openssl/openssl/tree/master/crypto/blake2
Except BLAKE2 in OpenSSL is severely castrated and tailored towards a
very limited use case. The implementation does not support any of the
useful advanced features like keyed hashing (MAC), salt,
personalization, tree hashing and variable hash length.
More information about the Python-Dev
mailing list