Commit e3547fd

More text about the pragmatic significance of hashlib.
1 parent 3cbd038 commit e3547fd

1 file changed

Lines changed: 13 additions & 4 deletions

Misc/NEWS

@@ -27,7 +27,7 @@ Core and builtins
2727
at ftp.unicode.org and contain a few updates (e.g. the Mac OS
2828
encodings now include a mapping for the Apple logo)
2929

30-
- Added a few more codecs for Mac OS encodings
30+
- Added a few more codecs for Mac OS encodings
3131

3232
- Speed up some Unicode operations.
3333

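Review bot: the removed and added versions of line 30 read identically as displayed, so this looks like a whitespace-only edit that the commit message ("More text about the pragmatic significance of hashlib") does not cover. Either mention the whitespace cleanup in the message or move it to its own commit so the hashlib wording change is the only thing this one has to be reviewed for.
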
@@ -293,7 +293,16 @@ Library
293293
-------
294294

295295
- Added the hashlib module. It provides secure hash functions for MD5 and
296-
SHA1, 224, 256, 384, and 512.
296+
SHA1, 224, 256, 384, and 512. Note that recent developments make the
297+
historic MD5 and SHA1 unsuitable for cryptographic-strength applications.
298+
In <http://mail.python.org/pipermail/python-dev/2005-December/058850.html>
299+
Ronald L. Rivest offered this advice for Python:
300+
301+
"The consensus of researchers in this area (at least as
302+
expressed at the NIST Hash Function Workshop 10/31/05),
303+
is that SHA-256 is a good choice for the time being, but
304+
that research should continue, and other alternatives may
305+
arise from this research. The larger SHA's also seem OK."
297306

298307
- Added a subset of Fredrik Lundh's ElementTree package. Available
299308
modules are xml.etree.ElementTree, xml.etree.ElementPath, and
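
Review bot: the unchanged first sentence at line 295 still says the module "provides secure hash functions for MD5 and SHA1", while the text added at new lines 296-297 says MD5 and SHA1 are unsuitable for cryptographic-strength applications, so the entry now contradicts itself. Suggest dropping "secure" from the first sentence, or limiting it to the SHA-224/256/384/512 variants, so a reader who stops after one sentence is not told MD5 is secure. "Recent developments" will also stop being meaningful as the NEWS file ages; say what the developments are or rely on the linked python-dev message for that.
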
@@ -458,13 +467,13 @@ Library
458467
disables recursive traversal through instance attributes, which can
459468
be exploited in various ways.
460469

461-
- Bug #1222790: in SimpleXMLRPCServer, set the reuse-address and close-on-exec
470+
- Bug #1222790: in SimpleXMLRPCServer, set the reuse-address and close-on-exec
462471
flags on the HTTP listening socket.
463472

464473
- Bug #792570: SimpleXMLRPCServer had problems if the request grew too large.
465474
Fixed by reading the HTTP body in chunks instead of one big socket.read().
466475

467-
- Patches #893642, #1039083: add allow_none, encoding arguments to constructors of
476+
- Patches #893642, #1039083: add allow_none, encoding arguments to constructors of
468477
SimpleXMLRPCServer and CGIXMLRPCRequestHandler.
469478

470479
- Bug #1110478: Revert os.environ.update to do putenv again.
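
Review bot: new line 476 ("- Patches #893642, #1039083: ... constructors of") runs longer than the entries around it, and both it and new line 470 are rewritten here with no visible change in their text. Since the lines are being touched anyway, rewrap 476 so that "of" moves to the continuation line, matching how the neighbouring entries are wrapped.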
