Marc-Andre Lemburg <m...@egenix.com> added the comment:
On 23.03.2022 02:12, Gregory P. Smith wrote:
>
> I view the NIST standard hashes as important enough to attempt to guarantee
> as present (all the SHAs and MD5) as built-in. Others should really
> demonstrate practical application popularity to gain included battery status
> rather than just using PyPI.
+1 on this. I also think the topic deserves a wider discussion.
IMO, Python's stdlib should only provide a basic set of hash algorithms
and not try to add every single new algorithm out there.
PyPI is a much better way to add support for new hash algorithms,
can move much faster than the stdlib, provide specialized builds for
added performance and also add exotic features, which are not always
needed.
Here's the list of Python 3.10 algos on a typical Linux system:
>>> hashlib.algorithms_available
{'sha512_256', 'mdc2', 'md5-sha1', 'md4', 'ripemd160', 'shake_128', 'sha3_384',
'blake2s', 'sha3_512', 'sha3_256', 'sha256', 'sha1', 'sm3', 'sha512_224',
'whirlpool', 'sha384', 'shake_256', 'sha224', 'sha512', 'sha3_224', 'md5',
'blake2b'}
This already is more than enough. Since we're using OpenSSL in Python
anyway, exposing some of the often used algos from OpenSSL is fine,
since it doesn't add much extra bloat. The above list already goes
way beyond this, IMO.
The longer the list gets, the more confusion it causes among users,
since Python's stdlib doesn't provide any guidance on
basic questions such as "Which hash algo should I use for my
application".
Most applications today will only need these basic hash algos:
{'ripemd160', 'sha3_512', 'sha3_256', 'sha256', 'sha1', 'sha512', 'md5'}
----------
nosy: +lemburg
_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue39298>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
