On Sat, May 28, 2016, 13:58 Christian Heimes <christ...@python.org> wrote:
> On 2016-05-27 03:54, M.-A. Lemburg wrote: > > On 27.05.2016 06:54, Raymond Hettinger wrote: > >> > >>> On May 25, 2016, at 3:29 AM, Christian Heimes <christ...@python.org> > wrote: > >>> > >>> I have three hashing-related patches for Python 3.6 that are waiting > for > >>> review. Altogether the three patches add ten new hash algorithms to the > >>> hashlib module: SHA3 (224, 256, 384, 512), SHAKE (SHA3 XOF 128, 256), > >>> BLAKE2 (blake2b, blake2s) and truncated SHA512 (224, 256). > >> > >> Do we really need ten? I don't think the standard library is the place > to offer all variants of hashing. And we should avoid getting in a cycle > of "this was just released by NIST" and "nobody uses that one anymore". Is > any one of them an emergent best practice (i.e. starting to be commonly > used in network protocols because it is better, faster, stronger, etc)? > >> > >> Your last message on https://bugs.python.org/issue16113 suggests that > these aren't essential and that there is room for debate about whether some > of them are standard-library worthy (i.e. we will have them around forever). > > > > I can understand your eagerness to get this landed, since it's > > been 4 years since work started, but I think we should wait with > > the addition until OpenSSL has them: > > > > https://github.com/openssl/openssl/issues/439 > > > > The current patch is 1.2MB for SHA-3 - that's pretty heavy for just > > a few hash functions, which aren't in any wide spread use yet and > > probably won't be for quite a few years ahead. > > About 1 MB of the 1.2 MB are test vectors for SHA3. Strictly speaking > the test vectors are not required. > We can always make the test vector file an external download like we do for some of the codec tests. -brett > > IMO, relying on OpenSSL is a better strategy than providing > > (and maintaining) our own compatibility versions. Until OpenSSL > > has them, people can use Björn's package: > > > > https://github.com/bjornedstrom/python-sha3 > > > > Perhaps you could join forces with Björn to create a standard > > SHA-3 standalone package on PyPI based on your two variants > > which we could recommend to people in the docs ?! > > I have been maintaining my own SHA3 module for couple of years. A month > ago I moved my code to github and ported it to the new Keccak Code > Package. The standalone package uses the same code as my patch but also > provides the old Keccak hashes and works on Python 2.7. > > https://github.com/tiran/pysha3 > https://pypi.python.org/pypi/pysha3 > _______________________________________________ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/brett%40python.org >
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
