From 960d84a5491f3cdf83e7380f016bbe32dbe4036c Mon Sep 17 00:00:00 2001 From: Eli Schwartz Date: Mon, 27 Jan 2025 01:15:29 -0500 Subject: [PATCH] gh-129327: revise hashlib documentation to account for FIPS removing sha1 --- Doc/library/hashlib.rst | 7 ++++--- .../2025-01-27-01-21-55.gh-issue-129327.sv2NB1.rst | 2 ++ 2 files changed, 6 insertions(+), 3 deletions(-) create mode 100644 Misc/NEWS.d/next/Documentation/2025-01-27-01-21-55.gh-issue-129327.sv2NB1.rst diff --git a/Doc/library/hashlib.rst b/Doc/library/hashlib.rst index dffb167c74771f..103f86361c29bf 100644 --- a/Doc/library/hashlib.rst +++ b/Doc/library/hashlib.rst @@ -21,9 +21,10 @@ -------------- This module implements a common interface to many different secure hash and -message digest algorithms. Included are the FIPS secure hash algorithms SHA1, -SHA224, SHA256, SHA384, SHA512, (defined in `the FIPS 180-4 standard`_), -the SHA-3 series (defined in `the FIPS 202 standard`_) as well as RSA's MD5 +message digest algorithms. Included are the FIPS secure hash algorithms +SHA224, SHA256, SHA384, SHA512, (defined in `the FIPS 180-4 standard`_), the +SHA-3 series (defined in `the FIPS 202 standard`_) as well as the legacy +insecure algorithms SHA1 (formerly part of FIPS) and RSA's MD5 algorithm (defined in internet :rfc:`1321`). The terms "secure hash" and "message digest" are interchangeable. Older algorithms were called message digests. The modern term is secure hash. diff --git a/Misc/NEWS.d/next/Documentation/2025-01-27-01-21-55.gh-issue-129327.sv2NB1.rst b/Misc/NEWS.d/next/Documentation/2025-01-27-01-21-55.gh-issue-129327.sv2NB1.rst new file mode 100644 index 00000000000000..c1b79e3959af74 --- /dev/null +++ b/Misc/NEWS.d/next/Documentation/2025-01-27-01-21-55.gh-issue-129327.sv2NB1.rst @@ -0,0 +1,2 @@ +Clarify that hashlib's SHA1 is no longer a FIPS secure algorithm. Patch by +Eli Schwartz.