On Fri, May 27, 2016 at 9:35 AM, M.-A. Lemburg <m...@egenix.com> wrote:
> > So if ( and that's a big if) it's possible to anticipate what will be > > in widespread use in a couple years, getting it in now would be a good > > thing. > > You cut away the important part of what I said: > "The current patch is 1.2MB for SHA-3 - that's pretty heavy for > just a few hash functions, ..." > > If people want to use the hashes earlier, this is already possible > via a separate package, so we're not delaying their use. > That's true for ANY addition to the stdlib -- it could always be made available in a third party lib. (unless you want to use it in another part of the stdlib...) > It is clear that SHA-3 will get more traction in coming years (*), > but I'm pretty sure that OpenSSL will have good implementations by > the time people will actively start using the new hash algorithm > and then hashlib will automatically make that available (hashlib > uses the OpenSSL EVP abstraction, so will be able to use any > new algorithms added to OpenSSL). > > However, if we add the reference implementation now, we'd then be > left with 1.2MB unnecessary code in the stdlib. > I'm probably showing my ignorance here, but couldn't we swap in the OpenSSL implementation when that becomes available? -CHB (*) People are just now starting to move from SHA-1 to SHA-2 > and SHA-2 was standardized in 2001. Python received SHA-2 support > in 2006. So there's plenty of time to decide :-) can't deny the history, nor the inertia -- but that doesn't make it a good thing... -- Christopher Barker, Ph.D. Oceanographer Emergency Response Division NOAA/NOS/OR&R (206) 526-6959 voice 7600 Sand Point Way NE (206) 526-6329 fax Seattle, WA 98115 (206) 526-6317 main reception chris.bar...@noaa.gov
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
