[issue17006] Add advice on best practices for hashing secrets

Ramchandra Apte added the comment: It is good to add warnings; if they are ignored it is little worse than the status quo. On 1 January 2016 at 08:54, Ezio Melotti wrote: > > Ezio Melotti added the comment: > > > People are going to skip warning boxes if they occur too often. > > I'm not sure

[issue17006] Add advice on best practices for hashing secrets

Ezio Melotti added the comment: > People are going to skip warning boxes if they occur too often. I'm not sure I agree. This would be true if they were abused for trivial things ("Warnings: using .pop() on a empty list will return an IndexError!"), but I don't think they are. I think warning

[issue17006] Add advice on best practices for hashing secrets

Changes by Joshua Bronson : -- nosy: +jab ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.o

[issue17006] Add advice on best practices for hashing secrets

Changes by A.M. Kuchling : -- nosy: -akuchling ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.py

[issue17006] Add advice on best practices for hashing secrets

Changes by Ezio Melotti : -- stage: needs patch -> patch review versions: +Python 3.5 -Python 3.3 ___ Python tracker ___ ___ Python-bu

[issue17006] Add advice on best practices for hashing secrets

Antoine Pitrou added the comment: Note boxes have nothing to do with warnings, we should discuss them separately if needed. (I see nothing wrong with multiple notes, given that a note is generally something ancillary and optional) -- nosy: +pitrou _

[issue17006] Add advice on best practices for hashing secrets

A.M. Kuchling added the comment: +1 to reducing the number of notes, and to a security HOWTO. (Christian: if you need writing help, please let me know; I'd be happy to help.) -- nosy: +akuchling ___ Python tracker

[issue17006] Add advice on best practices for hashing secrets

Christian Heimes added the comment: Raymond makes a good point. We mustn't clutter the docs with warnings. People are going to skip warning boxes if they occur too often. The documentation of the hashlib module contains three "note" boxes and one "warning box". That's far too many. The first

[issue17006] Add advice on best practices for hashing secrets

R. David Murray added the comment: Raymond: I'm not talking about *adding* a warning. Is it your opinion that the existing warning should be removed? -- ___ Python tracker ___ _

[issue17006] Add advice on best practices for hashing secrets

Raymond Hettinger added the comment: > So probably it should stay a warning in this particular case. Please don't. Python's docs have become cluttered with warning and danger signs. This stands in marked contrast with the docs for other languages which are much cleaner. Our docs have also s

[issue17006] Add advice on best practices for hashing secrets

R. David Murray added the comment: Good point. There is an existing warning for hash weaknesses...the whole thing could be rephrased as "Please see the security considerations section for important information on the considerations involved in using the various hashing algorithms, and notes o

[issue17006] Add advice on best practices for hashing secrets

Changes by Raymond Hettinger : -- title: Warn users about hashing secrets? -> Add advice on best practices for hashing secrets ___ Python tracker ___ ___