From: Tim Peters Date: Fri, 16 Dec 2005 23:13:57 +0000 (+0000) Subject: More text about the pragmatic significance of hashlib. X-Git-Tag: v2.5a0~1011 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e3547fd2f7b8246113817841e55fe47556f3f41a;p=thirdparty%2FPython%2Fcpython.git More text about the pragmatic significance of hashlib. --- diff --git a/Misc/NEWS b/Misc/NEWS index c2f494a4f187..1b6ef048320a 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -27,7 +27,7 @@ Core and builtins at ftp.unicode.org and contain a few updates (e.g. the Mac OS encodings now include a mapping for the Apple logo) -- Added a few more codecs for Mac OS encodings +- Added a few more codecs for Mac OS encodings - Speed up some Unicode operations. @@ -293,7 +293,16 @@ Library ------- - Added the hashlib module. It provides secure hash functions for MD5 and - SHA1, 224, 256, 384, and 512. + SHA1, 224, 256, 384, and 512. Note that recent developments make the + historic MD5 and SHA1 unsuitable for cryptographic-strength applications. + In + Ronald L. Rivest offered this advice for Python: + + "The consensus of researchers in this area (at least as + expressed at the NIST Hash Function Workshop 10/31/05), + is that SHA-256 is a good choice for the time being, but + that research should continue, and other alternatives may + arise from this research. The larger SHA's also seem OK." - Added a subset of Fredrik Lundh's ElementTree package. Available modules are xml.etree.ElementTree, xml.etree.ElementPath, and 
@@ -458,13 +467,13 @@ Library disables recursive traversal through instance attributes, which can be exploited in various ways. -- Bug #1222790: in SimpleXMLRPCServer, set the reuse-address and close-on-exec +- Bug #1222790: in SimpleXMLRPCServer, set the reuse-address and close-on-exec flags on the HTTP listening socket. - Bug #792570: SimpleXMLRPCServer had problems if the request grew too large. Fixed by reading the HTTP body in chunks instead of one big socket.read(). -- Patches #893642, #1039083: add allow_none, encoding arguments to constructors of +- Patches #893642, #1039083: add allow_none, encoding arguments to constructors of SimpleXMLRPCServer and CGIXMLRPCRequestHandler. - Bug #1110478: Revert os.environ.update to do putenv again.
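Review bot: In the hashlib entry (hunk @@ -293,7 +293,16), the added line that consists only of "In" never names where Rivest gave this advice, so the quotation has no visible source. Either complete the reference on that line or drop the dangling "In" so the sentence starts at "Ronald L. Rivest offered this advice for Python:". The entry also calls MD5 and SHA1 unsuitable for "cryptographic-strength applications" but leaves the actual recommendation inside the quotation. A direct sentence pointing readers to SHA-256 or the larger SHA variants for new code would make the note easier to act on.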
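Review bot: In the hunk at @@ -458,13 +467,13, the "Bug #1222790" and "Patches #893642, #1039083" lines differ only in whitespace, which is unrelated to the hashlib text the subject line describes, and the same is true of the "Added a few more codecs for Mac OS encodings" line in the first hunk. Move the whitespace cleanup into its own commit so the NEWS history for the hashlib note stays easy to read. Since the Patches line is being touched anyway, rewrap it: at 82 characters it would read better broken before "of".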