New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Incorrect note about md5 in hmac module documentation #49462
Comments
The HMAC module page [1] says: Note: The md5 hash has known weaknesses but remains the default for However, according to the "Hash Collision Q&A" [2] linked to from the Q: Do these attacks break HMAC using MD5 or SHA-1? It seems like the note is incorrect. |
Bruce Schneier also says (regarding the SHA-1 collision attacks), "it http://www.schneier.com/blog/archives/2005/02/sha1_broken.html |
Are you proposing that the note be removed entirely (and ignore the results it is based on) or just reworded? If it were removed, I could imagine complaints. If reword, specifically how? |
Since the note is incorrect, it seems like it should be removed. What "results it is based on" are you referring to and what complaints are you concerned about? |
The supposed 'known weaknesses'. I have no particular opinion. |
Removed note in r85617. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: