hashlib suddenly broken

Larry Martell larry.martell at gmail.com
Thu Sep 18 21:46:07 CEST 2014


On Thu, Sep 18, 2014 at 1:22 PM, Larry Martell <larry.martell at gmail.com> wrote:
> On Thu, Sep 18, 2014 at 11:07 AM, Steven D'Aprano
> <steve+comp.lang.python at pearwood.info> wrote:
>> Larry Martell wrote:
>>
>>> I am on a mac running 10.8.5, python 2.7
>>>
>>> Suddenly, many of my scripts started failing with:
>>>
>>> ValueError: unsupported hash type sha1
>> [...]
>>> This just started happening yesterday, and I cannot think of anything
>>> that I've done that could cause this.
>>
>> Ah, the ol' "I didn't change anything, I swear!" excuse *wink*
>>
>> But seriously... did you perhaps upgrade Python prior to yesterday? Or
>> possibly an automatic update ran?
>
> No, I did not upgrade or install anything.
>
>> Check the creation/last modified dates on:
>>
>> /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py
>
> That was in my original post:
>
> $ ls -l /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py
> -rw-r--r--  1 root  wheel  5013 Apr 12  2013
> /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py
>
>
>> but I expect that's probably not where the problem lies. My *wild guess* is
>> that your system updated SSL, and removed some underlying SHA-1 library
>> needed by hashlib. SHA-1 is pretty old, and there is now a known attack on
>> it, so some over-zealous security update may have removed it.
>>
>> If that's the case, it really is over-zealous, for although SHA-1 is
>> deprecated, the threat is still some years away. Microsoft, Google and
>> Mozilla have all announced that they will continue accepting it until 2017.
>> I can't imagine why Apple would removed it so soon.
>
>
> So you know how I could check and see if I have SHA-1 and when my SSL
> was updated?

Nothing appears to have been recently changed:

$ ls -la /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL
total 224
drwxr-xr-x  12 root  wheel     408 Jun 20  2012 .
drwxr-xr-x  41 root  wheel    1394 Apr 13  2013 ..
-rwxr-xr-x   1 root  wheel  124736 Apr 12  2013 SSL.so
-rw-r--r--   1 root  wheel     965 Apr 12  2013 __init__.py
-rw-r--r--   1 root  wheel     991 Apr 12  2013 __init__.pyc
-rwxr-xr-x   1 root  wheel  168544 Apr 12  2013 crypto.so
-rwxr-xr-x   1 root  wheel   40864 Apr 12  2013 rand.so
drwxr-xr-x  12 root  wheel     408 Jun 20  2012 test
-rw-r--r--   1 root  wheel    1010 Apr 12  2013 tsafe.py
-rw-r--r--   1 root  wheel    1775 Apr 12  2013 tsafe.pyc
-rw-r--r--   1 root  wheel     176 Apr 12  2013 version.py
-rw-r--r--   1 root  wheel     293 Apr 12  2013 version.pyc



More information about the Python-list mailing list