[issue15468] Edit docs to hide hashlib.md5()

2016-06-11 Thread Gregory P. Smith 

Changes by Gregory P. Smith :


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue15468] Edit docs to hide hashlib.md5()

2016-06-11 Thread Roundup Robot 

Roundup Robot added the comment:

New changeset 1cfd627bee05 by Gregory P. Smith in branch 'default':
Clarify that md5 is in the algorithms_guaranteed list despite what
https://hg.python.org/cpython/rev/1cfd627bee05

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue15468] Edit docs to hide hashlib.md5()

2016-06-11 Thread Roundup Robot 

Roundup Robot added the comment:

New changeset 13ea0a1d7dde by Gregory P. Smith in branch 'default':
issue15468 - use sha256 instead of md5 or sha1 in the examples.
https://hg.python.org/cpython/rev/13ea0a1d7dde

--
nosy: +python-dev

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue15468] Edit docs to hide hashlib.md5()

2016-06-10 Thread Berker Peksag 

Berker Peksag added the comment:

The looks good to me in general, but I'd suggest to refer to the new 
algorithms_guaranteed and algorithms_available attributes in the following 
paragraph:

+:func:`sha512`. The :func:`md5` is typically available, but will be 
missing if
+Python has been compiled in FIPS-compliant mode. If hashlib was compiled 
with
+OpenSSL support then additional algorithms may also be available depending
+upon the OpenSSL library that Python uses on your platform. OpenSSL
+implementations of the builtin algorithms are used if available.

--
assignee:  -> docs@python
components: +Documentation
nosy: +berker.peksag, docs@python
stage:  -> patch review
type:  -> enhancement
versions: +Python 3.5, Python 3.6 -Python 3.3

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue15468] Edit docs to hide hashlib.md5()

2012-08-01 Thread Christian Heimes 

Changes by Christian Heimes :


--
nosy: +christian.heimes

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue15468] Edit docs to hide hashlib.md5()

2012-08-01 Thread Daniel Holth 

Daniel Holth added the comment:

re-tweak treatment of md5 in hashlib docs (the SHA-2 family is currently 
recommended by http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html)

--
Added file: http://bugs.python.org/file26648/hashlib.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue15468] Edit docs to hide hashlib.md5()

2012-07-30 Thread Derek Wilson 

Derek Wilson added the comment:

Attached patch mentioning availability of md5 under FIPS compliance and the use 
of OpenSSL algorithms when available and altering the initial example to use 
sha1 instead of md5.

--
keywords: +patch
nosy: +Derek.Wilson
Added file: http://bugs.python.org/file26609/issue15468.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue15468] Edit docs to hide hashlib.md5()

2012-07-30 Thread Gregory P. Smith 

Gregory P. Smith added the comment:

The always present hashes do use openssl if the openssl version hashlib was 
compiled against supports them.  otherwise it falls back to the builtin C 
implementations.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue15468] Edit docs to hide hashlib.md5()

2012-07-30 Thread Daniel Holth 

Daniel Holth added the comment:

Taking a second look it is pretty good.

The only other thing that might be worth mentioning explicitly is that the 
"always present" hashes don't actually use OpenSSL.

"Constructors for hash algorithms that are always present in this module are 
md5(), sha1(), sha224(), sha256(), sha384(), and sha512(). Additional 
algorithms may also be available depending upon the OpenSSL library that Python 
uses on your platform."

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue15468] Edit docs to hide hashlib.md5()

2012-07-27 Thread Antoine Pitrou 

Antoine Pitrou  added the comment:

The hashlib doc starts with "Warning: Some algorithms have known hash collision 
weaknesses, see the FAQ at the end" (the "FAQ at the end" is a link to a 
Wikipedia article). The sentence "Included are the FIPS secure hash algorithms 
SHA1, SHA224, SHA256, SHA384, and SHA512 (defined in FIPS 180-2) as well as 
RSA’s MD5 algorithm" also conveys the idea that MD5 is not part of the "secure" 
bunch. The only addition I can think of would be to replace md5 with sha1 in 
the small example snippet at the beginning.

--
nosy: +pitrou

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue15468] Edit docs to hide hashlib.md5()

2012-07-27 Thread Daniel Holth 

Daniel Holth  added the comment:

Not to mention its continued popularity as a password hash, surpassed only by 
double-rot13. You've convinced me, it is reasonable to continue to support, 
nay, recommend md5 for the non-FIPS world. This hash function continues to have 
raving fans, especially in applications such as hashing data that is either 
read from or written to disk where the computational and storage cost of using 
a more modern hash is too severe for the majority of new applications.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue15468] Edit docs to hide hashlib.md5()

2012-07-27 Thread Gregory P. Smith 

Gregory P. Smith  added the comment:

The only edit that is needed is for md5 to be documented as unavailable when 
Python has been compiled in FIPS-compliant mode.  Most of the world does not 
and will never use that mode.

md5 is still a perfectly good algorithm for many uses and is required for 
legacy reasons to support the decades of already deployed uses of md5.

--
keywords: +easy

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue15468] Edit docs to hide hashlib.md5()

2012-07-27 Thread Éric Araujo 

Changes by Éric Araujo :


--
nosy: +eric.araujo, gregory.p.smith

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue15468] Edit docs to hide hashlib.md5()

2012-07-27 Thread Daniel Holth 

New submission from Daniel Holth :

md5() has been obsolete since 1996. It has no place as the first item in 
hashlib's list of "guaranteed to be available" hashes, and it doesn't work when 
Python has been compiled to be FIPS-compliant.

The documentation should be edited to make md5's availability as non-obvious as 
possible.

--
messages: 166577
nosy: dholth
priority: normal
severity: normal
status: open
title: Edit docs to hide hashlib.md5()
versions: Python 3.3

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com