Hello cryptography,
Over at the Flask repos, we've had a number of requests to use SHA-256
instead of SHA-1 in a couple places.
Werkzeug defaults to SHA-1 as part of PBKDF2 to generate password hashes.
ItsDangerous defaults to SHA-1 as part of HMAC signatures.
After some discussion I concluded th

Hi David,
You're correct that HMAC's security is still fine when used with SHA-1;
HMAC-MD5 is even secure, believe it or not.
That said, I'd generally recommend people migrate to HMAC-SHA-256 anyways,
to make analyzing their software easier.
Alex
On Wed, Mar 15, 2017 at 1:48 PM, David Lord wro

Echoing Alex's comments, SHA1's problems do not affect HMAC constructions
so there's no current security issue. That said, optics in cryptography can
be important (as you're seeing with your user requests now). You will save
yourself a great deal of low grade noise in the future by simply switching

It's also worth noting that the correct time to switch is not when
something is broken, it's well before then.
Alex
On Wed, Mar 15, 2017 at 5:14 PM, Paul Kehrer wrote:
> Echoing Alex's comments, SHA1's problems do not affect HMAC constructions
> so there's no current security issue. That said,

With that said, if performance is an issue, you might want to look into
using SHA512 instead due to optimizations on 64-bit platforms.
On Mar 15, 2017 15:16, "Alex Gaynor" wrote:
> It's also worth noting that the correct time to switch is not when
> something is broken, it's well before then.
>
>
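
An added example, not part of the original thread and not Werkzeug's or ItsDangerous's own code: one way to make the HMAC-SHA-1 to HMAC-SHA-256 switch discussed above, signing new tokens with SHA-256 while still accepting SHA-1 tokens issued before the change. The key, the `payload.tag` token layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from base64 import urlsafe_b64decode, urlsafe_b64encode

# Constructed key for this example; a real key comes from secret storage.
SECRET_KEY = b"constructed-example-key"
CURRENT_DIGEST = hashlib.sha256
LEGACY_DIGESTS = (hashlib.sha1,)  # accepted on verify only, never used to sign


def _mac(payload: bytes, digest) -> bytes:
    return hmac.new(SECRET_KEY, payload, digest).digest()


def sign(payload: bytes) -> bytes:
    """Return payload + b'.' + base64url(HMAC-SHA-256 tag)."""
    return payload + b"." + urlsafe_b64encode(_mac(payload, CURRENT_DIGEST))


def legacy_sign(payload: bytes) -> bytes:
    """Stand-in for a token issued before the switch (HMAC-SHA-1)."""
    return payload + b"." + urlsafe_b64encode(_mac(payload, hashlib.sha1))


def verify(token: bytes):
    """Return (payload, needs_resign); raise ValueError on any failure."""
    payload, sep, encoded = token.rpartition(b".")
    if not sep:
        raise ValueError("missing signature")
    try:
        tag = urlsafe_b64decode(encoded)
    except ValueError:  # binascii.Error is a ValueError subclass
        raise ValueError("malformed signature") from None
    # Constant-time comparison; a length mismatch simply compares unequal.
    if hmac.compare_digest(tag, _mac(payload, CURRENT_DIGEST)):
        return payload, False
    for digest in LEGACY_DIGESTS:
        if hmac.compare_digest(tag, _mac(payload, digest)):
            # Valid but old: the caller should reissue with sign().
            return payload, True
    raise ValueError("bad signature")
```

Once the longest-lived legacy token has expired, emptying `LEGACY_DIGESTS` completes the migration.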