Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #19013

Re: Hash stability

From Stefan Behnel <stefan_ml@behnel.de>
Subject Re: Hash stability
Date 2012-01-15 18:20 +0100
References (3 earlier) <jeu8t4$2kc$1@dough.gmane.org> <4F12BC8A.9040205@modelnine.org> <jeugdp$e1b$1@dough.gmane.org> <4F12F9D8.5080904@modelnine.org> <CAPTjJmo3TX=Am9SZ_=sxKN65KXLywQRp9Ag-r=mH5JgEiUJxJA@mail.gmail.com>
Newsgroups comp.lang.python
Message-ID <mailman.4777.1326648019.27778.python-list@python.org> (permalink)

Show all headers | View raw

Chris Angelico, 15.01.2012 17:13:
> Of course, it's still dodgy to depend on the stability of something
> that isn't proclaimed stable, and would be far better to use some
> other hashing algorithm (MD5 or SHA for uberreliability).

I've seen things like MD5 or SHA* being used quite commonly for file caches
(or file storage in general, e.g. for related files referenced in a text
document). Given that these algorithms are right there in the stdlib, I
find them a rather obvious choice.

However, note that they may also be subject to complexity attacks at some
point, although likely requiring substantially more input data. In the
specific case of a cache, an attacker may only need an arbitrary set of
colliding hashes. Those can be calculated in advance for a given hash
function. For example, Wikipedia currently presents MD5 with a collision
complexity of ~2^20, that sounds a bit weak. Something like SHA256 should
be substantially more robust.

https://en.wikipedia.org/wiki/Cryptographic_hash_function#Cryptographic_hash_algorithms

Stefan

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Hash stability Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-01-14 04:42 +0000
  Re: Hash stability Peter Otten <__peter__@web.de> - 2012-01-14 10:46 +0100
  Re: Hash stability Heiko Wundram <modelnine@modelnine.org> - 2012-01-14 23:45 +0100
  Re: Hash stability Chris Angelico <rosuav@gmail.com> - 2012-01-15 11:36 +1100
    Re: Hash stability Bryan <bryanjugglercryptographer@yahoo.com> - 2012-01-15 04:03 -0800
      Re: Hash stability Chris Angelico <rosuav@gmail.com> - 2012-01-15 23:21 +1100
  Re: Hash stability Roy Smith <roy@panix.com> - 2012-01-14 21:26 -0500
    Re: Hash stability Terry Reedy <tjreedy@udel.edu> - 2012-01-14 23:07 -0500
  Re: Hash stability Stefan Behnel <stefan_ml@behnel.de> - 2012-01-15 11:13 +0100
  Re: Hash stability Heiko Wundram <modelnine@modelnine.org> - 2012-01-15 12:46 +0100
  Re: Hash stability Peter Otten <__peter__@web.de> - 2012-01-15 13:22 +0100
  Re: Hash stability Heiko Wundram <modelnine@modelnine.org> - 2012-01-15 17:07 +0100
  Re: Hash stability Chris Angelico <rosuav@gmail.com> - 2012-01-16 03:13 +1100
  Re: Hash stability Heiko Wundram <modelnine@modelnine.org> - 2012-01-15 17:51 +0100
  Re: Hash stability Stefan Behnel <stefan_ml@behnel.de> - 2012-01-15 18:20 +0100
  Re: Hash stability Peter Otten <__peter__@web.de> - 2012-01-16 09:18 +0100
  Re: Hash stability Christian Heimes <lists@cheimes.de> - 2012-01-16 09:44 +0100
  Re: Hash stability Heiko Wundram <modelnine@modelnine.org> - 2012-01-16 10:15 +0100

csiph-web