MD6 in Python

[mikle3]

As every one related to security probably knows, Rivest (and his
friends) have a new hashing algorithm which is supposed to have none
of the weaknesses of MD5 (and as a side benefit - not too many rainbow
tables yet). His code if publicly available under the MIT license.

Is there a reason not to add it to the standard lib, following the
hashlib "protocol"?

 

[mikle3]

Somebody has to write and add a md6 wrapper to the standard library.
It's going to take some time, at least 18 months until Python 2.8 and
3.2 are going to be released.

Do you need a wrapper for md6? I could easily write one in about an hour.

Christian

It's not that I need it, I can sure use it. I can also write a wrapper
myself.
My secret agenda is too see if other people want it and write it as an
addition to the standard lib, thus wetting my feet in Python Core
Development without actually breaking anything

 

[Robert Kern]

It's not that I need it, I can sure use it. I can also write a wrapper
myself.
My secret agenda is too see if other people want it and write it as an
addition to the standard lib, thus wetting my feet in Python Core
Development without actually breaking anything

My gut feeling is that it's too new. In a year, the current round of the SHA-3
competition will be over, you will have much more information about how MD6
fares against its competitors, and you will still have some time to get it into
Python 2.8/3.2. We don't actually *know* that it doesn't have equivalent
weaknesses until the cryptanalysts try to break it for a year or so.

--
Robert Kern

"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco

 

[Terry Reedy]

Somebody has to write and add a md6 wrapper to the standard library.
It's going to take some time, at least 18 months until Python 2.8 and

2.7 is next

 

[Terry Reedy]

On 2009-06-05 16:09, (e-mail address removed) wrote:

My gut feeling is that it's too new. In a year, the current round of the
SHA-3 competition will be over, you will have much more information
about how MD6 fares against its competitors, and you will still have

A wrapper could go on PyPI now so it can be tested in use *before* going
in the stdlib. No commit or pre-review needed either.

 

[Aahz]

2.7rc1 is already out. There is no way a new piece of code will land in
the 2.7 release.

Um, what? You mean 3.1rc1, right? Nevertheless, my understanding is
that 2.7 is mostly restricted to code landed in 3.1, so your second
statement is roughly correct.
--
Aahz ([email protected]) <*> http://www.pythoncraft.com/

"Given that C++ has pointers and typecasts, it's really hard to have a
serious conversation about type safety with a C++ programmer and keep a
straight face. It's kind of like having a guy who juggles chainsaws
wearing body armor arguing with a guy who juggles rubber chickens wearing
a T-shirt about who's in more danger." --Roy Smith, c.l.py, 2004.05.23

 

[Terry Reedy]

Um, what? You mean 3.1rc1, right? Nevertheless, my understanding is
that 2.7 is mostly restricted to code landed in 3.1, so your second
statement is roughly correct.

My understanding is that 2.7 will come out about the same time as 3.2
and will contain 3.2 backports also. New features are being marked on
the issue tracker as for 2.7/3.2. There may or may not be a 2.8.

(It was once intended that 2.7 come out with 3.1, but that changed when
it was decided to cut the life of 3.0 and bring out 3.1 after 6 months.)

tjr

 

[Steven D'Aprano]

Here you go http://pypi.python.org/pypi/md6

It's still a bit rough, totally untested but it should work.

Oh you're a cruel, cruel man! The OP wanted to do that

 

[mikle3]

Oh you're a cruel, cruel man! The OP wanted to do that

Hehe, well I sure did learn my lesson here
I guess I can still say it was my idea, and the fact that someone done
is good for the community.

I'll just have to find something else and not tell you bastards about
it.

 

[Aahz]

My understanding is that 2.7 will come out about the same time as 3.2
and will contain 3.2 backports also. New features are being marked on
the issue tracker as for 2.7/3.2. There may or may not be a 2.8.

(It was once intended that 2.7 come out with 3.1, but that changed when
it was decided to cut the life of 3.0 and bring out 3.1 after 6 months.)

Right, but it was my understanding that work on releasing 2.7 would
commence immediately after 3.1, and that 3.2 would happen after 2.7.
Maybe we should take this to python-dev... ;-)