New submission from Christian Heimes:

As of now the hash algorithm for HMAC defaults to MD5. However MD5 is 
considered broken. HMAC-MD5 is still ok but shall not be used in new code. 
Applications should slowly migrate away from HMAC-MD5 and use a more modern 
algorithm like HMAC-SHA256.

Therefore I propose that default digestmod should be deprecated in Python 3.4 
and removed in 3.5. Starting with Python 3.5 developer are forced to choose a 
hash algorithm like SHA256. Our documentation shall suggest it, too.

In addition I would like to enhance the meaning of the `digestmod` argument a 
bit. Right now it either must be a module or a callable. It should also support 
a name, e.g. hmac.new("secret", digestmod="sha256")

----------
components: Library (Lib)
messages: 182662
nosy: christian.heimes
priority: normal
severity: normal
stage: needs patch
status: open
title: HMAC: deprecate default hash
type: behavior
versions: Python 3.4

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue17276>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to