This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients antoine.pietri, christian.heimes, loewis, rhettinger, vstinner
Date 2018-10-16.14:05:07
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1539698707.83.0.788709270274.issue34930@psf.upfronthosting.co.za>
In-reply-to
Content 
I wouldn't call SHA1 a secure hash function any more. SHA1DC is both an incompatible implementation and a bandaid for legacy applications that can't easily update to a proper hashing algorithm. Also it's rather pointless to update our SHA1 implementation since OpenSSL still uses the standardized SHA1 implementation. CPython prefers OpenSSL's implementation because it's much, much faster than libtomcrypt's implementation.

I need to study SHA1DC first and get some advice before I can make an educated statement. But I'm leaning towards -1 to even support SHA1DC in the standard library, because I don't want to promote SHA1 any more. Applications should move to SHA2, SHA3 and blake2.
History
Date User Action Args
2018-10-16 14:05:07christian.heimessetrecipients: + christian.heimes, loewis, rhettinger, vstinner, antoine.pietri
2018-10-16 14:05:07christian.heimessetmessageid: <1539698707.83.0.788709270274.issue34930@psf.upfronthosting.co.za>
2018-10-16 14:05:07christian.heimeslinkissue34930 messages
2018-10-16 14:05:07christian.heimescreate