Groups > comp.lang.python > #19013

Re: Hash stability

Path	csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!gegeweb.org!de-l.enfer-du-nord.net!feeder1.enfer-du-nord.net!cs.uu.nl!news.stack.nl!newsfeed.xs4all.nl!newsfeed5.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path	<python-python-list@m.gmane.org>
X-Original-To	python-list@python.org
Delivered-To	python-list@mail.python.org
X-Spam-Status	OK 0.016
X-Spam-Evidence	'H': 0.97; 'S': 0.00; 'commonly': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:80.91.229.12': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'received:lo.gmane.org': 0.09; 'referenced': 0.09; 'algorithm': 0.13; 'cache,': 0.16; 'caches': 0.16; 'from:addr:behnel.de': 0.16; 'from:addr:stefan_ml': 0.16; 'from:name:stefan behnel': 0.16; 'robust.': 0.16; 'advance': 0.17; 'input': 0.21; '(or': 0.22; 'header:In-Reply-To:1': 0.22; 'stefan': 0.24; 'bit': 0.28; 'url:wiki': 0.29; 'calculated': 0.30; 'hash': 0.30; 'chris': 0.30; 'quite': 0.31; "i've": 0.31; 'point,': 0.32; "isn't": 0.32; 'header:User-Agent:1': 0.33; 'to:addr:python-list': 0.33; 'there': 0.33; 'received:84': 0.34; 'rather': 0.34; 'algorithms': 0.34; 'function.': 0.34; 'header:X -Complaints-To:1': 0.34; 'something': 0.35; 'things': 0.35; 'however,': 0.35; 'file': 0.35; 'data.': 0.36; 'example,': 0.36; 'depend': 0.36; 'received:org': 0.37; 'some': 0.38; 'should': 0.38; 'e.g.': 0.38; 'url:en': 0.39; 'url:org': 0.39; 'being': 0.39; 'files': 0.39; 'subject:: ': 0.39; 'to:addr:python.org': 0.40; 'more': 0.61; 'course,': 0.61; 'subject': 0.62; 'choice.': 0.64; 'stability': 0.67; 'storage': 0.68; 'presents': 0.71; 'proclaimed': 0.84; 'attacks': 0.93; 'complexity': 0.93
X-Injected-Via-Gmane	http://gmane.org/
To	python-list@python.org
From	Stefan Behnel <stefan_ml@behnel.de>
Subject	Re: Hash stability
Date	Sun, 15 Jan 2012 18:20:02 +0100
References	<4f1107b7$0$29988$c3e8da3$5496439d@news.astraweb.com> <jeritr$4sb$1@dough.gmane.org> <4F1205A7.70303@modelnine.org> <jeu8t4$2kc$1@dough.gmane.org> <4F12BC8A.9040205@modelnine.org> <jeugdp$e1b$1@dough.gmane.org> <4F12F9D8.5080904@modelnine.org> <CAPTjJmo3TX=Am9SZ_=sxKN65KXLywQRp9Ag-r=mH5JgEiUJxJA@mail.gmail.com>
Mime-Version	1.0
Content-Type	text/plain; charset=UTF-8
Content-Transfer-Encoding	7bit
X-Gmane-NNTP-Posting-Host	dslb-084-056-000-204.pools.arcor-ip.net
User-Agent	Mozilla/5.0 (X11; Linux x86_64; rv:9.0) Gecko/20111220 Thunderbird/9.0
In-Reply-To	<CAPTjJmo3TX=Am9SZ_=sxKN65KXLywQRp9Ag-r=mH5JgEiUJxJA@mail.gmail.com>
X-BeenThere	python-list@python.org
X-Mailman-Version	2.1.12
Precedence	list
List-Id	General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe	<http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive	<http://mail.python.org/pipermail/python-list>
List-Post	<mailto:python-list@python.org>
List-Help	<mailto:python-list-request@python.org?subject=help>
List-Subscribe	<http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups	comp.lang.python
Message-ID	<mailman.4777.1326648019.27778.python-list@python.org> (permalink)
Lines	22
NNTP-Posting-Host	2001:888:2000:d::a6
X-Trace	1326648019 news.xs4all.nl 6876 [2001:888:2000:d::a6]:36309
X-Complaints-To	abuse@xs4all.nl
Xref	x330-a1.tempe.blueboxinc.net comp.lang.python:19013

Show key headers only | View raw

Chris Angelico, 15.01.2012 17:13:
> Of course, it's still dodgy to depend on the stability of something
> that isn't proclaimed stable, and would be far better to use some
> other hashing algorithm (MD5 or SHA for uberreliability).

I've seen things like MD5 or SHA* being used quite commonly for file caches
(or file storage in general, e.g. for related files referenced in a text
document). Given that these algorithms are right there in the stdlib, I
find them a rather obvious choice.

However, note that they may also be subject to complexity attacks at some
point, although likely requiring substantially more input data. In the
specific case of a cache, an attacker may only need an arbitrary set of
colliding hashes. Those can be calculated in advance for a given hash
function. For example, Wikipedia currently presents MD5 with a collision
complexity of ~2^20, that sounds a bit weak. Something like SHA256 should
be substantially more robust.

https://en.wikipedia.org/wiki/Cryptographic_hash_function#Cryptographic_hash_algorithms

Stefan

Thread

Hash stability Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-01-14 04:42 +0000
  Re: Hash stability Peter Otten <__peter__@web.de> - 2012-01-14 10:46 +0100
  Re: Hash stability Heiko Wundram <modelnine@modelnine.org> - 2012-01-14 23:45 +0100
  Re: Hash stability Chris Angelico <rosuav@gmail.com> - 2012-01-15 11:36 +1100
    Re: Hash stability Bryan <bryanjugglercryptographer@yahoo.com> - 2012-01-15 04:03 -0800
      Re: Hash stability Chris Angelico <rosuav@gmail.com> - 2012-01-15 23:21 +1100
  Re: Hash stability Roy Smith <roy@panix.com> - 2012-01-14 21:26 -0500
    Re: Hash stability Terry Reedy <tjreedy@udel.edu> - 2012-01-14 23:07 -0500
  Re: Hash stability Stefan Behnel <stefan_ml@behnel.de> - 2012-01-15 11:13 +0100
  Re: Hash stability Heiko Wundram <modelnine@modelnine.org> - 2012-01-15 12:46 +0100
  Re: Hash stability Peter Otten <__peter__@web.de> - 2012-01-15 13:22 +0100
  Re: Hash stability Heiko Wundram <modelnine@modelnine.org> - 2012-01-15 17:07 +0100
  Re: Hash stability Chris Angelico <rosuav@gmail.com> - 2012-01-16 03:13 +1100
  Re: Hash stability Heiko Wundram <modelnine@modelnine.org> - 2012-01-15 17:51 +0100
  Re: Hash stability Stefan Behnel <stefan_ml@behnel.de> - 2012-01-15 18:20 +0100
  Re: Hash stability Peter Otten <__peter__@web.de> - 2012-01-16 09:18 +0100
  Re: Hash stability Christian Heimes <lists@cheimes.de> - 2012-01-16 09:44 +0100
  Re: Hash stability Heiko Wundram <modelnine@modelnine.org> - 2012-01-16 10:15 +0100

csiph-web