Marc-Andre Lemburg <m...@egenix.com> added the comment:

On 2009-01-06 23:10, Lukas Lueg wrote:
> Lukas Lueg <knabberknusperh...@yahoo.de> added the comment:
>
>> It might be a good idea to remove the word "secure" from the
>> hashlib documentation, since security of these algorithms is
>> always limited to a certain period of time.
>
> I'm sorry, was that a boy attempted humor ? [Misuse quote from DH3: Check]

No, it's the reality of life and one of the reasons why digitally
signed data needs to be re-signed every few years in order to keep
the data secured and the legal status of the signature intact.

Note that SHA-0 and -1 were broken in 2005:

http://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html

In Germany, the BSI, which corresponds to the NSA in the US, publishes
a list of algorithms each year that are deemed safe, including their
expiration year:

http://www.bundesnetzagentur.de/enid/Veroeffentlichungen/Algorithmen_sw.html
(in German)

They regard SHA-1 as expired by the end of this year. For SHA-2
functions they give 2015 as expiry date.

The NSA has similar guidelines:

http://csrc.nist.gov/groups/ST/hash/statement.html

They currently suggest using SHA-2 functions for crypto applications,
but are also running a new contest for SHA-3:

http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/submissions_rnd1.html

> Anyway, in fact that might be a good idea: Reflect that the hashlib
> module includes hash functions for the sake of compatibility and
> interoperability and not everlasting security.

BTW: Not sure what Deer Hunter 3 has to do with all this ;-)

http://www.planetdeerhunter.com/dh3

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue4858>
_______________________________________