Hi David,

You're correct that HMAC's security is still fine when used with SHA-1; HMAC-MD5 is even secure, believe it or not.
That said, I'd generally recommend people migrate to HMAC-SHA-256 anyways, to make analyzing their software easier.

Alex

On Wed, Mar 15, 2017 at 1:48 PM, David Lord <david...@gmail.com> wrote:

> Hello cryptography,
>
> Over at the Flask repos, we've had a number of requests to use SHA-256
> instead of SHA-1 in a couple places.
> Werkzeug defaults to SHA-1 as part of PBKDF2 to generate password hashes.
> ItsDangerous defaults to SHA-1 as part of HMAC signatures.
>
> After some discussion I concluded that as used in those two methods,
> SHA-1's collision issues were not relevant.
> However, I'd like to get a second opinion from the cryptography experts.
>
> I can change the default to SHA-256, but if it's not actually making
> things more secure then that's just increasing time and space for no reason.
>
> Thanks,
> David
>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev@python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev
>

--
"I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: D1B3 ADC0 E023 8CA6
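A migration to HMAC-SHA-256 like the one recommended in the reply above can keep already-issued HMAC-SHA-1 tokens verifying while every new signature uses SHA-256. The Python below is an added example, not code from this thread or from ItsDangerous; the token layout `payload.digest.tag` and the names `sign`, `verify` and `ACCEPTED_DIGESTS` are assumptions made for illustration.

```python
import hmac

# Digest names accepted on verification, preferred first (assumed policy).
# New tokens are always signed with the first entry; "sha1" remains only so
# tokens issued before the switch keep verifying until they expire.
ACCEPTED_DIGESTS = ("sha256", "sha1")
SEP = b"."


def _mac(key: bytes, digest: str, payload: bytes) -> bytes:
    # The digest name is part of the MAC input, so a tag computed under one
    # label cannot be presented under another label.
    msg = digest.encode("ascii") + SEP + payload
    return hmac.new(key, msg, digest).hexdigest().encode("ascii")


def sign(key: bytes, payload: bytes, digest: str = ACCEPTED_DIGESTS[0]) -> bytes:
    """Return payload.digest.tag (hypothetical token layout)."""
    return SEP.join((payload, digest.encode("ascii"), _mac(key, digest, payload)))


def verify(key: bytes, token: bytes, accepted=ACCEPTED_DIGESTS):
    """Return (payload, needs_resign); raise ValueError on any failure."""
    try:
        # Split from the right: the payload may itself contain dots.
        payload, digest, tag = token.rsplit(SEP, 2)
    except ValueError:
        raise ValueError("malformed token") from None
    name = digest.decode("ascii", "replace")
    # Allow-list check before the name ever reaches hmac.new().
    if name not in accepted:
        raise ValueError("digest not allowed")
    # Constant-time comparison of the presented and expected tags.
    if not hmac.compare_digest(tag, _mac(key, name, payload)):
        raise ValueError("bad signature")
    # needs_resign tells the caller to reissue the token with the new default.
    return payload, name != accepted[0]
```

Once the longest-lived SHA-1 token has expired, passing `accepted=("sha256",)` retires the legacy digest without touching the signing path.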