Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #78038

Re: hashlib suddenly broken

Path csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path <larry.martell@gmail.com>
X-Original-To python-list@python.org
Delivered-To python-list@mail.python.org
X-Spam-Status OK 0.004
X-Spam-Evidence '*H*': 0.99; '*S*': 0.00; 'scripts': 0.03; 'root': 0.05; 'failing': 0.07; 'modified': 0.07; 'valueerror:': 0.09; 'python': 0.11; '2.7': 0.14; 'accepting': 0.14; 'ah,': 0.16; 'deprecated,': 0.16; 'sha1': 0.16; 'ssl,': 0.16; 'subject:broken': 0.16; 'suddenly,': 0.16; 'underlying': 0.16; 'wrote:': 0.18; 'library': 0.18; 'thu,': 0.19; 'to:name:python-list@python.org': 0.22; 'install': 0.23; 'ssl': 0.24; "i've": 0.25; 'possibly': 0.26; 'header:In-Reply-To:1': 0.27; 'am,': 0.29; 'message- id:@mail.gmail.com': 0.30; 'announced': 0.31; 'away.': 0.31; "d'aprano": 0.31; 'larry': 0.31; 'microsoft,': 0.31; 'sep': 0.31; 'skip:/ 80': 0.31; 'steven': 0.31; 'this.': 0.32; 'probably': 0.32; 'running': 0.33; 'mac': 0.33; 'updated': 0.34; 'could': 0.34; 'problem': 0.35; "can't": 0.35; 'case,': 0.35; 'no,': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'google': 0.35; 'there': 0.35; 'really': 0.36; 'dates': 0.36; 'done': 0.36; "didn't": 0.36; 'apple': 0.38; 'needed': 0.38; 'to:addr:python-list': 0.38; 'anything': 0.39; 'expect': 0.39; 'to:addr:python.org': 0.39; 'how': 0.40; 'anything.': 0.68; 'soon.': 0.71; 'wheel': 0.84; 'old,': 0.85; 'imagine': 0.93; '2013': 0.98
DKIM-Signature v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=4iKQXCZsGCupe/8UthbYpPvoJoPx1osrMqOFnv4sW64=; b=sY5XQC00iT2YKfV+3+Xy7InuuZZ7AJ6UZFQHhFR+9Ya0CudZLjqDceukJTT+oFoqml HMowGZQwLaZZHdssIYajlZhG0iTdd8NOj/BcaYmw985nm2RjZX5NxviJGpXF8Eh+mm6t wcX1eI8qnoXtvFfFAz2lZju/njWB8x0BdW7NTg5T7IqM7CDmgtybmKM6+3STUy5NT/yx O7LdpVaj2XrI8NXSowMM8SXNgxrf1xQDzwdlQl6ifG4+IMw/7P9VolcqNFGVOaKWIpKc 4s1qs//zw1Q69JZKHy+J71FKn+wNtGxPrxs16lqwJMbBNItd5kKICEMLWK8aJwwktYi9 86rw==
MIME-Version 1.0
X-Received by 10.180.211.208 with SMTP id ne16mr2611071wic.71.1411068124414; Thu, 18 Sep 2014 12:22:04 -0700 (PDT)
In-Reply-To <541b1158$0$29967$c3e8da3$5496439d@news.astraweb.com>
References <mailman.14109.1411057681.18130.python-list@python.org> <541b1158$0$29967$c3e8da3$5496439d@news.astraweb.com>
Date Thu, 18 Sep 2014 13:22:04 -0600
Subject Re: hashlib suddenly broken
From Larry Martell <larry.martell@gmail.com>
To "python-list@python.org" <python-list@python.org>
Content-Type text/plain; charset=UTF-8
X-BeenThere python-list@python.org
X-Mailman-Version 2.1.15
Precedence list
List-Id General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive <http://mail.python.org/pipermail/python-list/>
List-Post <mailto:python-list@python.org>
List-Help <mailto:python-list-request@python.org?subject=help>
List-Subscribe <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups comp.lang.python
Message-ID <mailman.14120.1411068127.18130.python-list@python.org> (permalink)
Lines 44
NNTP-Posting-Host 2001:888:2000:d::a6
X-Trace 1411068127 news.xs4all.nl 2951 [2001:888:2000:d::a6]:33064
X-Complaints-To abuse@xs4all.nl
Xref csiph.com comp.lang.python:78038

Show key headers only | View raw

On Thu, Sep 18, 2014 at 11:07 AM, Steven D'Aprano
<steve+comp.lang.python@pearwood.info> wrote:
> Larry Martell wrote:
>
>> I am on a mac running 10.8.5, python 2.7
>>
>> Suddenly, many of my scripts started failing with:
>>
>> ValueError: unsupported hash type sha1
> [...]
>> This just started happening yesterday, and I cannot think of anything
>> that I've done that could cause this.
>
> Ah, the ol' "I didn't change anything, I swear!" excuse *wink*
>
> But seriously... did you perhaps upgrade Python prior to yesterday? Or
> possibly an automatic update ran?

No, I did not upgrade or install anything.

> Check the creation/last modified dates on:
>
> /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py

That was in my original post:

$ ls -l /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py
-rw-r--r--  1 root  wheel  5013 Apr 12  2013
/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py


> but I expect that's probably not where the problem lies. My *wild guess* is
> that your system updated SSL, and removed some underlying SHA-1 library
> needed by hashlib. SHA-1 is pretty old, and there is now a known attack on
> it, so some over-zealous security update may have removed it.
>
> If that's the case, it really is over-zealous, for although SHA-1 is
> deprecated, the threat is still some years away. Microsoft, Google and
> Mozilla have all announced that they will continue accepting it until 2017.
> I can't imagine why Apple would removed it so soon.


So you know how I could check and see if I have SHA-1 and when my SSL
was updated?

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 10:27 -0600
  Re: hashlib suddenly broken John Gordon <gordon@panix.com> - 2014-09-18 16:47 +0000
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 13:18 -0600
      Re: hashlib suddenly broken John Gordon <gordon@panix.com> - 2014-09-18 20:21 +0000
        Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 15:30 -0600
  Re: hashlib suddenly broken Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-09-19 03:07 +1000
    Re: hashlib suddenly broken Chris Angelico <rosuav@gmail.com> - 2014-09-19 03:18 +1000
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 13:22 -0600
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 13:23 -0600
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 13:46 -0600
    Re: hashlib suddenly broken Ned Deily <nad@acm.org> - 2014-09-18 13:44 -0700
    Re: hashlib suddenly broken Christian Heimes <christian@python.org> - 2014-09-18 22:49 +0200
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 15:38 -0600
    Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-18 15:39 -0600
    Re: hashlib suddenly broken Christian Heimes <christian@python.org> - 2014-09-19 00:17 +0200
    Re: hashlib suddenly broken Ned Deily <nad@acm.org> - 2014-09-18 15:19 -0700
      Re: hashlib suddenly broken Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-09-19 15:00 +1000
        Re: hashlib suddenly broken Larry Martell <larry.martell@gmail.com> - 2014-09-19 09:09 -0600

csiph-web