[Security-sig] Pending security features for 3.6

Donald Stufft donald at stufft.io
Mon Aug 15 13:46:22 EDT 2016


> On Aug 15, 2016, at 1:12 PM, Christian Heimes <christian at python.org> wrote:
> 
> Add BLAKE2 to hashlib
> ---------------------
> http://bugs.python.org/issue26798
> https://github.com/tiran/cpython/commits/feature/blake2
> 
> BLAKE2 is a fast and powerful hash algorithm. It's as secure as SHA-2
> family, faster than MD5 and has built-in features like MAC support,
> variable output length, salting and personalization. Donald uses BLAKE2
> for PyPI. The patch was refused on python-dev because it introduces too
> much new code.

This in particular is something I’m very hoping will land. I’m hoping to
transition PyPI over to primarily using blake2 (though will need others
for backwards compatibility) and not having blake2 in the stdlib makes
this much less feasible.

—
Donald Stufft





More information about the Security-SIG mailing list