classification
Title: HMAC: deprecate default hash
Type: behavior Stage: resolved
Components: Library (Lib) Versions: Python 3.4
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: akuchling, christian.heimes, gregory.p.smith, haypo, jcea, pitrou, python-dev, r.david.murray
Priority: normal Keywords: patch

Created on 2013-02-22 12:16 by christian.heimes, last changed 2014-03-09 19:17 by python-dev. This issue is now closed.

Files
File name Uploaded Description Edit
17276.patch christian.heimes, 2013-08-18 15:36 review
17276-2.patch christian.heimes, 2013-08-19 16:24 review
17276-3.patch christian.heimes, 2013-10-22 12:23 review
Messages (19)
msg182662 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-02-22 12:16
As of now the hash algorithm for HMAC defaults to MD5. However MD5 is considered broken. HMAC-MD5 is still ok but shall not be used in new code. Applications should slowly migrate away from HMAC-MD5 and use a more modern algorithm like HMAC-SHA256.

Therefore I propose that default digestmod should be deprecated in Python 3.4 and removed in 3.5. Starting with Python 3.5 developer are forced to choose a hash algorithm like SHA256. Our documentation shall suggest it, too.

In addition I would like to enhance the meaning of the `digestmod` argument a bit. Right now it either must be a module or a callable. It should also support a name, e.g. hmac.new("secret", digestmod="sha256")
msg182663 - (view) Author: Jesús Cea Avión (jcea) * (Python committer) Date: 2013-02-22 12:48
+1.
msg182666 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2013-02-22 13:59
I don't know how you intend to make `digestmod` mandatory given the current function signature.

> Applications should slowly migrate away from HMAC-MD5 and use a more
> modern algorithm like HMAC-SHA256.

Applications don't always choose their cipher. MD5 is needed for compatibility with existing protocols such as CRAM-MD5.
msg182668 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-02-22 14:51
> I don't know how you intend to make `digestmod` mandatory given the current function signature.

That's easy:

if digestmod is None:
    raise TypeError("HMAC needs argument 'digestmod'")
msg182669 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-02-22 15:13
PS: I don't want to deprecate HMAC-MD5. I just want to deprecate that HMAC defaults to HMAC-MD5.
msg195569 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-08-18 15:36
Here is a patch that deprecates MD5 has implicit default hashing algorithm. It also implements digestmod string support.

PEP 247 doesn't define the digestmod argument of keyed hashing algorithms. I'm going to define it in PEP 452.
msg195645 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-08-19 16:24
assertWarns() is much easier than the block I have copied and pasted. Thanks. :)
msg196662 - (view) Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2013-08-31 18:43
comments added to the review.

I don't think a DeprecationWarning should be raised as that'll infuriate users of python programs more than developers who can fix code.
msg200729 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-10-21 09:01
GPS, what do you suggest instead? Do you want me to remove the deprecation warning?
msg200801 - (view) Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2013-10-21 15:30
yes just remove the DeprecationWarning.  Document it as deprecated with a release now+0.2 as the earliest it will be removed.  (if you want a warning at all, use PendingDeprecationWarning as that one is filtered out by default so it won't bother users of tools written in Python but only developers actively looking for issues)
msg200931 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-10-22 12:23
I've changed the deprecation warning to PendingDeprecationWarning. Please review my wording and grammar.
msg200934 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2013-10-22 12:34
I would prefer to directly raise an exception in Python 3.4. Developers will not notice a warning, warning are hidden by default. How many developers run their tests using -Werror?

Having to add a parameter to hmac() in applications to port them to Python 3.4 should not be so hard. And using MD5 is really a major security issue, don't you think so?
msg200937 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2013-10-22 12:49
> Having to add a parameter to hmac() in applications to port them to
> Python 3.4 should not be so hard. And using MD5 is really a major
> security issue, don't you think so?

Some uses of md5 don't have anything to do with security. I'm -1
on removing the default value here.
msg200939 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-10-22 12:56
HMAC-MD5 is still fine for legacy support. I wouldn't use it in new program, though
msg203165 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-11-17 14:18
I'll commit the patch later.
msg203228 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2013-11-17 23:13
Well, if deprecating is not an option, it's probably better to add a red warning explaining why the default choice may not fit all use cases.
msg203498 - (view) Author: Roundup Robot (python-dev) Date: 2013-11-20 16:23
New changeset 86107e7e6ee5 by Christian Heimes in branch 'default':
Issue #17276: MD5 as default digestmod for HMAC is deprecated. The HMAC
http://hg.python.org/cpython/rev/86107e7e6ee5
msg212950 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2014-03-09 03:00
I don't understand why PendingDeprecationWarning was used here.  DeprecationWarnings are silent by default.  I'm also not clear on why this is being delayed until 3.6, instead of being changed in 3.5 after a deprecation, given that the default is considered to be a bit of a security issue.
msg212974 - (view) Author: Roundup Robot (python-dev) Date: 2014-03-09 19:17
New changeset c10ec51a2ce4 by R David Murray in branch 'default':
whatsnew: hmac *digestmod* accepts strings, and default is deprecated. (#17276)
http://hg.python.org/cpython/rev/c10ec51a2ce4
History
Date User Action Args
2014-03-09 19:17:42python-devsetmessages: + msg212974
2014-03-09 03:00:31r.david.murraysetnosy: + r.david.murray
messages: + msg212950
2013-11-20 16:23:46christian.heimessetstatus: open -> closed
resolution: fixed
stage: patch review -> resolved
2013-11-20 16:23:31python-devsetnosy: + python-dev
messages: + msg203498
2013-11-17 23:13:29hayposetmessages: + msg203228
2013-11-17 14:18:33christian.heimessetassignee: christian.heimes
messages: + msg203165
2013-10-22 12:56:38christian.heimessetmessages: + msg200939
2013-10-22 12:49:26pitrousetmessages: + msg200937
2013-10-22 12:34:55hayposetnosy: + haypo
messages: + msg200934
2013-10-22 12:23:03christian.heimessetfiles: + 17276-3.patch

messages: + msg200931
2013-10-21 15:30:43gregory.p.smithsetmessages: + msg200801
2013-10-21 09:01:51christian.heimessetmessages: + msg200729
2013-08-31 18:43:23gregory.p.smithsetmessages: + msg196662
2013-08-19 16:24:01christian.heimessetfiles: + 17276-2.patch

messages: + msg195645
2013-08-18 15:36:04christian.heimessetfiles: + 17276.patch

nosy: + akuchling, gregory.p.smith
messages: + msg195569

keywords: + patch
stage: needs patch -> patch review
2013-02-22 15:13:05christian.heimessetmessages: + msg182669
2013-02-22 14:51:25christian.heimessetmessages: + msg182668
2013-02-22 13:59:57pitrousetnosy: + pitrou
messages: + msg182666
2013-02-22 12:48:38jceasetnosy: + jcea
messages: + msg182663
2013-02-22 12:16:42christian.heimescreate