Message 353162 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	christian.heimes
Date	2019-09-25.10:09:58
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1569406198.76.0.145895264341.issue38270@roundup.psfhosted.org>
In-reply-to

Content
MD5 hash digest algorithm has known security issues and is getting blocked on systems with strict security policies. Python uses MD5 in several unittests. These tests should either avoid MD5 and use SHA256 instead. Or tests that really require MD5 should check for the availability of MD5 and skip these tests. The latter are network-related tests that check for digest auth or CRAM-MD5 auth. Avoidable use of MD5: * test_hmac tests for default constructor * test_tarfile checksum Tests that require MD5: * test_urllib2_localnet digest auth * CRAM-MD5 in test_imaplib, test_poplib, test_smtplib

MD5 hash digest algorithm has known security issues and is getting blocked on systems with strict security policies.

Python uses MD5 in several unittests. These tests should either avoid MD5 and use SHA256 instead. Or tests that really require MD5 should check for the availability of MD5 and skip these tests. The latter are network-related tests that check for digest auth or CRAM-MD5 auth.

Avoidable use of MD5:
* test_hmac tests for default constructor
* test_tarfile checksum

Tests that require MD5:
* test_urllib2_localnet digest auth
* CRAM-MD5 in test_imaplib, test_poplib, test_smtplib

History
Date	User	Action	Args
2019-09-25 10:09:58	christian.heimes	set	recipients: + christian.heimes
2019-09-25 10:09:58	christian.heimes	set	messageid: <1569406198.76.0.145895264341.issue38270@roundup.psfhosted.org>
2019-09-25 10:09:58	christian.heimes	link	issue38270 messages
2019-09-25 10:09:58	christian.heimes	create