On 8 Feb., 18:36, "James Bennett" <[EMAIL PROTECTED]> wrote:
> On 2/8/07, Rob Hudson <[EMAIL PROTECTED]> wrote:
>
> > Since SHA-1 was recently found to have some collisions, and since sha
> > is deprecated in Python 2.5 in favor of hashlib, should an attempt to
> > import hashlib be added to contrib.auth.models (both check_password
> > and set_password) so when Python 2.5 becomes more mainstream, this
> > will be picked up by default?
>
> Using hashlib to generate SHA1 when it's available is something I
> could get behind. Deprecating SHA1 hashes, not so much -- *every* hash
> algorithm, inevitably, will have collisions
Yes. That's why they're called hashes. What's bad now is if you can
generate collisions faster than by brute force, which is exactly what was
happening. This is very different. Basically your hash doesn't mean
anything anymore if Joe Random Cracker can present you any data he wants
and your hash algorithm still says "Yes, correct".

> And collisions, by themselves, don't make an algorithm useless for
> what we want out of it, which is a roughly unique representation of a
> password that isn't the password itself. Generating a collision
> wouldn't mean you could log in as someone else, it'd mean you could
> have two users with the same password hash, and that -- since auth
> lookups start with the username and not the password hash, and require
> a match on *both* columns -- doesn't cause a problem either. Just as
> two users in a non-hashing system could both have the password
> "secret123" without interfering with one another, two users in a
> hashing system can have the same password hash without interfering
> with one another.

Which would be right, if you couldn't use a broken hash algorithm to
log in without the right password, but with something that just generates
the same hash - in other words, knowing the hash (poking at the db, SQL
injection, anything) you don't need the password. It's like storing a
clear text password, and you wouldn't argue that's a good idea, no?

Alas, the current situation with SHA-1 isn't that bad, there are still
enough bits left, but any algorithm with one successful attack has
historically been taken apart. Could happen again. Right now, there is no
real alternative: the larger SHAs are probably vulnerable to the same
attack vector and WHIRLPOOL's still young (but looks good so far).

Regards,
Thomas (nitpicker)

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/django-developers?hl=en
-~----------~----~----~----~------~----~------~--~---
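The change Rob proposes at the top of the thread (try hashlib, fall back to the deprecated sha module) and the set_password/check_password pair it would touch, as an added, stand-alone example. This is editor-written illustration code, not Django's contrib.auth.models; the "sha1$salt$hexdigest" storage layout, the function names make_password/check_password and the 8-byte random salt are choices made for this example. Two details the thread does not spell out are worth seeing in code: a per-user random salt means two users with the same password do not share a stored hash in the first place, and the comparison of the recomputed digest against the stored one should be constant-time (hmac.compare_digest, available since Python 2.7.7 / 3.3), so the check itself does not leak which prefix of the digest matched. Note also that the 2005 SHA-1 result was a collision attack (choose both inputs), not a second-preimage attack against a fixed stored digest; the salt makes the attacker's job the latter, which is what Thomas's "knowing the hash, you don't need the password" scenario would require.

```python
# Added example (not Django's code): salted SHA-1 password storage using
# hashlib when available, with the Python < 2.5 fallback the thread proposes.
import binascii
import hmac
import os

try:
    from hashlib import sha1          # Python 2.5+ and all of Python 3
except ImportError:                   # Python < 2.5: deprecated 'sha' module
    from sha import new as sha1       # same constructor interface

ALGO = 'sha1'                         # the example's own label for the hash


def _hexdigest(salt, raw_password):
    """SHA-1 hex digest of salt || password (example layout, not Django's)."""
    return sha1((salt + raw_password).encode('utf-8')).hexdigest()


def make_password(raw_password, salt=None):
    """Return 'sha1$<salt>$<hexdigest>'. A fresh random salt is drawn per call
    unless one is supplied, so two users with the same password get different
    stored values (hypothetical 8-byte salt size chosen for the example)."""
    if salt is None:
        salt = binascii.hexlify(os.urandom(8)).decode('ascii')
    if '$' in salt:
        raise ValueError('salt must not contain the field separator')
    return '%s$%s$%s' % (ALGO, salt, _hexdigest(salt, raw_password))


def check_password(raw_password, encoded):
    """Recompute the digest from the stored salt and compare in constant time.
    Raises ValueError on a malformed or unknown-algorithm record rather than
    silently returning False, so corrupt rows are noticed."""
    parts = encoded.split('$', 2)
    if len(parts) != 3:
        raise ValueError('malformed password record')
    algo, salt, stored = parts
    if algo != ALGO:
        raise ValueError('unsupported algorithm: %r' % algo)
    # compare_digest on bytes: length-independent of where the first
    # mismatching character sits.
    return hmac.compare_digest(_hexdigest(salt, raw_password).encode('ascii'),
                               stored.encode('ascii'))


def same_stored_hash(password):
    """Helper for the thread's 'two users with the same password' case:
    True only if two independent make_password calls collide, which with a
    random salt they do not."""
    return make_password(password) == make_password(password)


if __name__ == '__main__':
    record = make_password('secret123')
    print(record)
    print(check_password('secret123', record))   # True
    print(check_password('Secret123', record))   # False
    print(same_stored_hash('secret123'))         # False: salts differ
```

A practitioner reading this in 2007 would still want the comparison to be against a record whose lookup was keyed by username, exactly as James describes; the salt and constant-time compare do not change that lookup, they only make the stored digest per-user and the check free of timing side channels.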
