Title: hmac cannot be used with shake algorithms
Type: behavior Stage:
Components: Extension Modules Versions: Python 3.7, Python 3.6
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, minrk, takluyver
Priority: normal Keywords:

Created on 2016-10-07 11:50 by minrk, last changed 2016-10-11 09:32 by christian.heimes.

Messages (2)
msg278235 - (view) Author: Min RK (minrk) * Date: 2016-10-07 11:50
HMAC digest methods call inner.digest() with no arguments, but new-in-3.6 shake algorithms require a length argument.

possible solutions:

1. add optional length argument to HMAC.[hex]digest, and pass through to inner hash object
2. set hmac.digest_size, and use that to pass through to inner hash object if inner hash object has digest_size == 0
3. give shake hashers a default value for `length` in digest methods (logically 32 for shake_256, 16 for shake_128, I think)


import hmac, hashlib

h = hmac.HMAC(b'secret', digestmod=hashlib.shake_256)
h.hexdigest() # raises on self.inner.digest() requires length argument
msg278468 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2016-10-11 09:32
It's not a bug, but indented behavior. It does not make any sense to use SHAKE with the HMAC construct. In fact it does not make sense to combine Keccak sponge or Blake2 with HMAC at all. HMAC is only necessary for old, Merkle-Damgard hashing algorithms like MD5, SHA1 and SHA2, because they are subject to length extension attacks.

The correct solution is
4. improve documentation
Date User Action Args
2016-10-11 09:32:00christian.heimessetmessages: + msg278468
2016-10-07 18:28:53SilentGhostsetnosy: + christian.heimes
type: behavior
components: + Extension Modules
2016-10-07 13:15:22takluyversetnosy: + takluyver
2016-10-07 11:50:44minrkcreate