Author christian.heimes
Recipients christian.heimes, docs@python
Date 2013-01-21.08:48:01
Lots of people still think that something like sha512(secret + message), sha1(password + salt) or even sha1(password) is secure. Except it isn't. Most crypto hash functions like md5, sha1, sha2 family (sha256, sha384, sha512) use a Merkle–Damgård construction [1]. The construction is vulnerable to several attack vectors like length extension attacks. Passwords need special care, too.

I propose we add a warning to the documentation of hashlib. It's not the right place to teach cryptography but it's a good place to raise attention. The warning should explain that you shouldn't solely hash secrets or messages containing a secret. For messages a MAC algorithm like HMAC should be used. For passwords a key stretching and key derivation function like PBKDF2, bcrypt or scrypt is much more secure.

Date                 User              Action  Args
2013-01-21 08:48:02  christian.heimes  set     recipients: + christian.heimes, docs@python
2013-01-21 08:48:02  christian.heimes  set     messageid: <>
2013-01-21 08:48:02  christian.heimes  link    issue17006 messages
2013-01-21 08:48:01  christian.heimes  create
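
The two replacements the message recommends, as an added example that is not part of the original message or of the hashlib documentation: HMAC in place of sha512(secret + message), and salted PBKDF2 in place of sha1(password + salt). The function names, the stored-hash format, the sample key and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SECRET_KEY = b"constructed-demo-key"  # constructed sample key, not a real secret
PBKDF2_ITERATIONS = 600_000           # assumed work factor; tune to your hardware

def weak_tag(secret: bytes, message: bytes) -> bytes:
    """The pattern the message warns about: a bare hash over secret + message."""
    return hashlib.sha512(secret + message).digest()

def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA512: the key is mixed in by the HMAC construction, not by concatenation."""
    return hmac.new(key, message, hashlib.sha512).digest()

def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so the comparison leaks no timing signal.
    return hmac.compare_digest(mac_tag(key, message), tag)

def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Derive a password hash with a fresh random salt and a stored work factor."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the derived key from the stored parameters; reject malformed records."""
    try:
        scheme, iter_text, salt_hex, dk_hex = stored.split("$")
        iterations = int(iter_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)

if __name__ == "__main__":
    msg = b"amount=10&to=alice"  # constructed sample message
    tag = mac_tag(SECRET_KEY, msg)
    print("mac ok:", mac_verify(SECRET_KEY, msg, tag))
    print("tampered ok:", mac_verify(SECRET_KEY, msg + b"0", tag))
    record = hash_password("correct horse battery staple")
    print("password ok:", verify_password("correct horse battery staple", record))
```

Storing the iteration count and salt alongside the derived key lets the work factor be raised later without invalidating existing records.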