Author christian.heimes
Recipients christian.heimes, docs@python
Date 2013-01-21.08:48:01
Message-id <1358758082.76.0.415880124971.issue17006@psf.upfronthosting.co.za>
Content
Lots of people still think that something like sha512(secret + message), sha1(password + salt) or even sha1(password) is secure. Except it isn't. Most crypto hash functions like md5, sha1, sha2 family (sha256, sha384, sha512) use a Merkle–Damgård construction [1]. The construction is vulnerable to several attack vectors like length extension attacks. Passwords need special care, too.

I propose we add a warning to the documentation of hashlib. It's not the right place to teach cryptography but it's a good place to raise attention. The warning should explain that you shouldn't solely hash secrets or messages containing a secret. For messages a MAC algorithm like HMAC should be used. For passwords a key stretching and key derivation function like PBKDF2, bcrypt or scrypt is much more secure.

[1] http://en.wikipedia.org/wiki/Merkle%E2%80%93Damg%C3%A5rd_construction
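The two recommendations in the message, as an added example that is not part of the tracker discussion or of hashlib's documentation: the discouraged sha256(secret + message) pattern next to an HMAC tag with constant-time verification, and PBKDF2-HMAC password storage with a random per-user salt. It assumes a Python 3 with hashlib.pbkdf2_hmac (added in 3.4, after this message was written); the secret, message and iteration count are constructed sample values.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample values for the demonstration (not from the original message).
SECRET = b"server-side-secret-key"
MESSAGE = b"user=alice&role=member"


def naive_tag(secret: bytes, message: bytes) -> bytes:
    """The discouraged pattern: sha256(secret + message).

    SHA-256 is a Merkle-Damgard hash, so a tag over one message can be turned
    into a valid tag over a longer message without knowing the secret. Shown
    here only so the two outputs can be compared; do not use for authentication.
    """
    return hashlib.sha256(secret + message).digest()


def hmac_tag(secret: bytes, message: bytes) -> bytes:
    """The recommended pattern: an HMAC keyed with the secret."""
    return hmac.new(secret, message, hashlib.sha256).digest()


def verify_tag(secret: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison so a verifier does not leak the tag byte by byte."""
    return hmac.compare_digest(hmac_tag(secret, message), tag)


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 600_000) -> Tuple[bytes, bytes, int]:
    """Password storage with PBKDF2-HMAC-SHA256 and a random 16-byte salt.

    Returns (salt, derived_key, iterations); store all three, never the plain hash.
    """
    if salt is None:
        salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, derived, iterations


def verify_password(password: str, salt: bytes, derived: bytes, iterations: int) -> bool:
    """Re-derive with the stored salt and iteration count, compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, derived)


if __name__ == "__main__":
    print("naive:", naive_tag(SECRET, MESSAGE).hex())
    print("hmac: ", hmac_tag(SECRET, MESSAGE).hex())
    salt, key, n = hash_password("correct horse battery staple", iterations=1000)
    print("pbkdf2 verifies:", verify_password("correct horse battery staple", salt, key, n))
```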