Author christian.heimes
Recipients christian.heimes
Date 2013-02-22.12:16:42
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1361535402.96.0.618065106631.issue17276@psf.upfronthosting.co.za>
In-reply-to
Content
As of now the hash algorithm for HMAC defaults to MD5. However MD5 is considered broken. HMAC-MD5 is still ok but shall not be used in new code. Applications should slowly migrate away from HMAC-MD5 and use a more modern algorithm like HMAC-SHA256.

Therefore I propose that default digestmod should be deprecated in Python 3.4 and removed in 3.5. Starting with Python 3.5 developer are forced to choose a hash algorithm like SHA256. Our documentation shall suggest it, too.

In addition I would like to enhance the meaning of the `digestmod` argument a bit. Right now it either must be a module or a callable. It should also support a name, e.g. hmac.new("secret", digestmod="sha256")
History
Date User Action Args
2013-02-22 12:16:43christian.heimessetrecipients: + christian.heimes
2013-02-22 12:16:42christian.heimessetmessageid: <1361535402.96.0.618065106631.issue17276@psf.upfronthosting.co.za>
2013-02-22 12:16:42christian.heimeslinkissue17276 messages
2013-02-22 12:16:42christian.heimescreate