MD6 in Python

Robert Kern robert.kern at
Fri Jun 5 17:38:56 EDT 2009

On 2009-06-05 16:09, mikle3 at wrote:
> On Jun 5, 11:46 pm, Christian Heimes<li... at>  wrote:
>> mik... at schrieb:
>>> As every one related to security probably knows, Rivest (and his
>>> friends) have a new hashing algorithm which is supposed to have none
>>> of the weaknesses of MD5 (and as a side benefit - not too many rainbow
>>> tables yet). His code if publicly available under the MIT license.
>>> Is there a reason not to add it to the standard lib, following the
>>> hashlib "protocol"?
>> Somebody has to write and add a md6 wrapper to the standard library.
>> It's going to take some time, at least 18 months until Python 2.8 and
>> 3.2 are going to be released.
>> Do you need a wrapper for md6? I could easily write one in about an hour.
>> Christian
> It's not that I need it, I can sure use it. I can also write a wrapper
> myself.
> My secret agenda is too see if other people want it and write it as an
> addition to the standard lib, thus wetting my feet in Python Core
> Development without actually breaking anything :)

My gut feeling is that it's too new. In a year, the current round of the SHA-3 
competition will be over, you will have much more information about how MD6 
fares against its competitors, and you will still have some time to get it into 
Python 2.8/3.2. We don't actually *know* that it doesn't have equivalent 
weaknesses until the cryptanalysts try to break it for a year or so.  :-)

Robert Kern

"I have come to believe that the whole world is an enigma, a harmless enigma
  that is made terrible by our own mad attempt to interpret it as though it had
  an underlying truth."
   -- Umberto Eco

More information about the Python-list mailing list