This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author lemburg
Recipients Zooko.Wilcox-O'Hearn, christian.heimes, corona10, gregory.p.smith, jstasiak, kmaork, larry, lemburg, mgorny, oconnor663, xtreak
Date 2022-03-23.10:23:53
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
In-reply-to <>
On 23.03.2022 02:12, Gregory P. Smith wrote:
> I view the NIST standard hashes as important enough to attempt to guarantee as present (all the SHAs and MD5) as built-in. Others should really demonstrate practical application popularity to gain included battery status rather than just using PyPI.

+1 on this. I also think the topic deserves a wider discussion.

IMO, Python's stdlib should only provide a basic set of hash algorithms
and not try to add every single new algorithm out there.

PyPI is a much better way to add support for new hash algorithms,
can move much faster than the stdlib, provide specialized builds for
added performance and also add exotic features, which are not always

Here's the list of Python 3.10 algos on a typical Linux system:

>>> hashlib.algorithms_available
{'sha512_256', 'mdc2', 'md5-sha1', 'md4', 'ripemd160', 'shake_128', 'sha3_384',
'blake2s', 'sha3_512', 'sha3_256', 'sha256', 'sha1', 'sm3', 'sha512_224',
'whirlpool', 'sha384', 'shake_256', 'sha224', 'sha512', 'sha3_224', 'md5',

This already is more than enough. Since we're using OpenSSL in Python
anyway, exposing some of the often used algos from OpenSSL is fine,
since it doesn't add much extra bloat. The above list already goes
way beyond this, IMO.

The longer the list gets, the more confusion it causes among users,
since Python's stdlib doesn't provide any guidance on
basic questions such as "Which hash algo should I use for my

Most applications today will only need these basic hash algos:

{'ripemd160', 'sha3_512', 'sha3_256', 'sha256', 'sha1', 'sha512', 'md5'}
Date User Action Args
2022-03-23 10:23:53lemburgsetrecipients: + lemburg, gregory.p.smith, larry, christian.heimes, mgorny, Zooko.Wilcox-O'Hearn, jstasiak, oconnor663, corona10, xtreak, kmaork
2022-03-23 10:23:53lemburglinkissue39298 messages
2022-03-23 10:23:53lemburgcreate