Change the default from SHA1 about itsdangerous HOT 10 CLOSED

in the wild

That particular aspect is incorrect, but I agree we should change the default.

from itsdangerous.

Are we okay with SHA-256? Should be fine, just want to make sure. Could also just go all the way to SHA-512.

from itsdangerous.

SHA-512 performs 80 rounds with a blocksize of 1024 bits, whilst SHA-256 performs 64 rounds with a blocksize of 512 bits. This leads to SHA-512 being faster on 64-bit machines for message lengths of more than a few hundred bits.

There are potential legacy client support issues with SHA-512 vs SHA-256, but performance at least should not be a reason to only use SHA-256 (and in fact may be a reason to use SHA-512).

from itsdangerous.

Hmm, looks like this already came up before in #66, which I closed because hash security isn't representative of HMAC security. Is there actually any issue with SHA-1 as it's used in this library?

from itsdangerous.

Looks like you're right about that, closing.

from itsdangerous.

See this chat transcript for more discussion: http://chat.stackoverflow.com/transcript/message/35836840#35836840

from itsdangerous.

I would vote to still upgrade to sha256 for added security.

from itsdangerous.

Unfortunately, I'm out of my element here. Is it actually adding any security as opposed to just taking longer to generate longer hashes? I emailed the cryptography-dev mailinglist to see if some devs with more experience in this area could weigh in. (Hopefully that was the right place to ask.)

from itsdangerous.

With current knowledge it doesn't change anything, but it just seems generally safer should that knowledge change.

from itsdangerous.

See #80, I'm upgrading this to SHA-512 after more discussion.

from itsdangerous.