Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!goblin3!goblin2!goblin.stu.neva.ru!newsfeed.xs4all.nl!newsfeed2.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.004 X-Spam-Evidence: '*H*': 0.99; '*S*': 0.00; 'scripts': 0.03; 'root': 0.05; 'failing': 0.07; 'modified': 0.07; 'valueerror:': 0.09; 'python': 0.11; '2.7': 0.14; 'accepting': 0.14; '1010': 0.16; '__init__.py': 0.16; 'ah,': 0.16; 'deprecated,': 0.16; 'sha1': 0.16; 'ssl,': 0.16; 'subject:broken': 0.16; 'suddenly,': 0.16; 'underlying': 0.16; 'wrote:': 0.18; 'library': 0.18; 'thu,': 0.19; '>>>': 0.22; 'appears': 0.22; 'to:name:python-list@python.org': 0.22; 'install': 0.23; 'ssl': 0.24; "i've": 0.25; 'possibly': 0.26; 'header:In-Reply-To:1': 0.27; 'am,': 0.29; 'message- id:@mail.gmail.com': 0.30; 'announced': 0.31; 'away.': 0.31; "d'aprano": 0.31; 'larry': 0.31; 'microsoft,': 0.31; 'sep': 0.31; 'skip:/ 80': 0.31; 'steven': 0.31; 'this.': 0.32; 'probably': 0.32; 'running': 0.33; 'mac': 0.33; 'updated': 0.34; 'could': 0.34; 'problem': 0.35; "can't": 0.35; 'case,': 0.35; 'no,': 0.35; 'test': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'google': 0.35; 'there': 0.35; 'really': 0.36; 'dates': 0.36; 'done': 0.36; "didn't": 0.36; 'apple': 0.38; 'needed': 0.38; 'to:addr:python- list': 0.38; 'pm,': 0.38; 'anything': 0.39; 'expect': 0.39; 'to:addr:python.org': 0.39; 'how': 0.40; 'total': 0.65; 'anything.': 0.68; 'soon.': 0.71; '408': 0.84; 'wheel': 0.84; 'old,': 0.85; 'imagine': 0.93; '2013': 0.98 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=nVmSnyGR7FZn3KzIUExBIpDgc+VewT1lRgA43wD6EUE=; b=FgrxMdIEuC3USrcoqMqiuXJK+1p9UEhYTn9YwND0h4Zg3cZ2kri9+Hp37JpqGmkS/x WW5tckntEW8AgUpQbLr+w7tC18kebd6My5RVOu4S0iH46+DahsN5xvn75FbYSizgVo9z o9EtJeIqc8B+uuprsGEgSi32Q7KneK7iztU9+XhzKf6AL2WSy5CPfpl+5gQNsKFEFKUG wRdOTXTswxeJhhI8g4H51/LH3fKOSx/ds8aczWcl4i+PrwmZbtW9N55DRIoQOGwJO+ZH sduM9zEVErhGUDoqulH0E9S5GZG2zPzpS+FeQqxBxzVSUNDWw68nV7wb2b7CFs6Hy06B 2AFw== MIME-Version: 1.0 X-Received: by 10.194.232.232 with SMTP id tr8mr6936776wjc.21.1411069567761; Thu, 18 Sep 2014 12:46:07 -0700 (PDT) In-Reply-To: References: <541b1158$0$29967$c3e8da3$5496439d@news.astraweb.com> Date: Thu, 18 Sep 2014 13:46:07 -0600 Subject: Re: hashlib suddenly broken From: Larry Martell To: "python-list@python.org" Content-Type: text/plain; charset=UTF-8 X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 62 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1411069574 news.xs4all.nl 2933 [2001:888:2000:d::a6]:40782 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:78040 On Thu, Sep 18, 2014 at 1:22 PM, Larry Martell wrote: > On Thu, Sep 18, 2014 at 11:07 AM, Steven D'Aprano > wrote: >> Larry Martell wrote: >> >>> I am on a mac running 10.8.5, python 2.7 >>> >>> Suddenly, many of my scripts started failing with: >>> >>> ValueError: unsupported hash type sha1 >> [...] >>> This just started happening yesterday, and I cannot think of anything >>> that I've done that could cause this. >> >> Ah, the ol' "I didn't change anything, I swear!" excuse *wink* >> >> But seriously... did you perhaps upgrade Python prior to yesterday? Or >> possibly an automatic update ran? > > No, I did not upgrade or install anything. > >> Check the creation/last modified dates on: >> >> /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py > > That was in my original post: > > $ ls -l /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py > -rw-r--r-- 1 root wheel 5013 Apr 12 2013 > /System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py > > >> but I expect that's probably not where the problem lies. My *wild guess* is >> that your system updated SSL, and removed some underlying SHA-1 library >> needed by hashlib. SHA-1 is pretty old, and there is now a known attack on >> it, so some over-zealous security update may have removed it. >> >> If that's the case, it really is over-zealous, for although SHA-1 is >> deprecated, the threat is still some years away. Microsoft, Google and >> Mozilla have all announced that they will continue accepting it until 2017. >> I can't imagine why Apple would removed it so soon. > > > So you know how I could check and see if I have SHA-1 and when my SSL > was updated? Nothing appears to have been recently changed: $ ls -la /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL total 224 drwxr-xr-x 12 root wheel 408 Jun 20 2012 . drwxr-xr-x 41 root wheel 1394 Apr 13 2013 .. -rwxr-xr-x 1 root wheel 124736 Apr 12 2013 SSL.so -rw-r--r-- 1 root wheel 965 Apr 12 2013 __init__.py -rw-r--r-- 1 root wheel 991 Apr 12 2013 __init__.pyc -rwxr-xr-x 1 root wheel 168544 Apr 12 2013 crypto.so -rwxr-xr-x 1 root wheel 40864 Apr 12 2013 rand.so drwxr-xr-x 12 root wheel 408 Jun 20 2012 test -rw-r--r-- 1 root wheel 1010 Apr 12 2013 tsafe.py -rw-r--r-- 1 root wheel 1775 Apr 12 2013 tsafe.pyc -rw-r--r-- 1 root wheel 176 Apr 12 2013 version.py -rw-r--r-- 1 root wheel 293 Apr 12 2013 version.pyc