[Python-Dev] Re: PEP-376 and PEP-427 interpretation

2021-03-31 Thread Daniel Holth
I meant to exclude md5 and sha1, e.g. hash functions with known problems. SHA224 would be a weird choice but it wouldn't personally offend me otherwise. It would be fun to see how many wheel handlers support non-sha256 hash functions. On Mon, Mar 29, 2021 at 9:56 PM Theallredman via Python-Dev <

[Python-Dev] Re: PEP-376 and PEP-427 interpretation

2021-03-29 Thread Theallredman via Python-Dev
Thank you. I can't think of a compelling reason someone would want to choose SHA224 over SHA256 in the context of wheel generation. It's just that the PEPs are usually pretty explicit and SHA224 seemed to be implicitly excluded from RECORD files. And I'm considering the details of making a

[Python-Dev] Re: PEP-376 and PEP-427 interpretation

2021-03-29 Thread Paul Bryan
I suggest that SHA224 does not qualify as "SHA256 or better". Truncating any hash should not be considered equivalent or better. Reductio ad absurdum: truncate to 128 bits, 16 bits, 8 bits, or 1 bit. On Mon, 2021-03-29 at 08:15 +, Theallredman via Python-Dev wrote: > No need to be

[Python-Dev] Re: PEP-376 and PEP-427 interpretation

2021-03-29 Thread Paul Moore
On Mon, 29 Mar 2021 at 17:40, Theallredman via Python-Dev wrote: > So going back to my actual question SHA224 is disallowed in record files > because its bit length is less than 256? It doesn't look like it's ever been excluded. The only explicit exclusions are MD5 and SHA1 as you point out.

[Python-Dev] Re: PEP-376 and PEP-427 interpretation

2021-03-29 Thread Theallredman via Python-Dev
No need to be condescending. Trust me when I say I know the bit length relates to the collision resistance. Also trust me when I say there are other dimensions upon which to consider one hash algo over another other than just collision resistance, such as power consumption, execution time,

[Python-Dev] Re: PEP-376 and PEP-427 interpretation

2021-03-26 Thread MRAB
On 2021-03-27 01:54, Theallredman via Python-Dev wrote: Forgive me if this isn't the correct venue for this question and I ask your help directing me to the correct place if it is not. In PEP-376 it states with respect to the valid hashes in a Wheel RECORD file: "The hash is either the