Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 9480129db921e84253d3b2a8c8e8becb5f8934b3 / . / docs / hazmat / primitives / cryptographic-hashes.rst
blob: e7b4f2d69223af7a22b4c562049ab7ff17b90bea [file] [log] [blame]
Alex Gaynoraf82d5e2013-10-29 17:07:24 -0700[diff] [blame]1.. hazmat::
Donald Stufftd8f01182013-10-27 16:59:56 -0400[diff] [blame]2
Donald Stuffte51fb932013-10-27 17:26:17 -0400[diff] [blame]3Message Digests
4===============
5
Donald Stufftf04317a2013-10-27 16:44:30 -0400[diff] [blame]6.. currentmodule:: cryptography.hazmat.primitives.hashes
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]7
David Reid30b16132013-10-31 13:37:24 -0700[diff] [blame]8.. class:: Hash(algorithm)
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]9
David Reid55602982013-11-01 13:34:05 -0700[diff] [blame]10 A cryptographic hash function takes an arbitrary block of data and
11 calculates a fixed-size bit string (a digest), such that different data
12 results (with a high probability) in different digests.
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]13
David Reid55602982013-11-01 13:34:05 -0700[diff] [blame]14 This is an implementation of
Alex Gaynorab5f0112013-11-08 10:34:00 -0800[diff] [blame]15 :class:`~cryptography.hazmat.primitives.interfaces.HashContext` meant to
David Reid55602982013-11-01 13:34:05 -0700[diff] [blame]16 be used with
Alex Gaynorab5f0112013-11-08 10:34:00 -0800[diff] [blame]17 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
David Reid55602982013-11-01 13:34:05 -0700[diff] [blame]18 implementations to provide an incremental interface to calculating
19 various message digests.
Alex Gaynor23d01a22013-10-28 10:14:46 -0700[diff] [blame]20
21 .. doctest::
22
23 >>> from cryptography.hazmat.primitives import hashes
David Reid30b16132013-10-31 13:37:24 -0700[diff] [blame]24 >>> digest = hashes.Hash(hashes.SHA256())
Alex Gaynor23d01a22013-10-28 10:14:46 -0700[diff] [blame]25 >>> digest.update(b"abc")
26 >>> digest.update(b"123")
David Reid30b16132013-10-31 13:37:24 -0700[diff] [blame]27 >>> digest.finalize()
28 'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90'
Alex Gaynorf3b06cd2013-10-21 21:49:50 -0700[diff] [blame]29
Alex Gaynor94801292013-11-13 10:33:01 -0800[diff] [blame^]30 Keep in mind that attacks against cryptographic hashes only get stronger
31 with time, and that often algorithms that were once thought to be strong,
32 become broken. Because of this it's important to include a plan for
33 upgrading the hash algorithm you use over time. For more information, see
34 `Lifetimes of cryptographic hash functions`_.
35
Paul Kehrer6b9ddeb2013-10-19 12:28:15 -0500[diff] [blame]36 .. method:: update(data)
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]37
Alex Gaynorddc62f02013-10-20 06:14:24 -0700[diff] [blame]38 :param bytes data: The bytes you wish to hash.
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]39
40 .. method:: copy()
41
Paul Kehrer6b9ddeb2013-10-19 12:28:15 -0500[diff] [blame]42 :return: a new instance of this object with a copied internal state.
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]43
David Reid30b16132013-10-31 13:37:24 -0700[diff] [blame]44 .. method:: finalize()
Alex Gaynor14968452013-11-01 14:05:14 -0700[diff] [blame]45
David Reid55602982013-11-01 13:34:05 -0700[diff] [blame]46 Finalize the current context and return the message digest as bytes.
47
48 Once ``finalize`` is called this object can no longer be used.
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]49
50 :return bytes: The message digest as bytes.
51
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]52
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]53SHA-1
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]54~~~~~
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]55
56.. attention::
57
58 NIST has deprecated SHA-1 in favor of the SHA-2 variants. New applications
59 are strongly suggested to use SHA-2 over SHA-1.
60
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]61.. class:: SHA1()
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]62
63 SHA-1 is a cryptographic hash function standardized by NIST. It has a
64 160-bit message digest.
65
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]66SHA-2 Family
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]67~~~~~~~~~~~~
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]68
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]69.. class:: SHA224()
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]70
71 SHA-224 is a cryptographic hash function from the SHA-2 family and
72 standardized by NIST. It has a 224-bit message digest.
73
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]74.. class:: SHA256()
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]75
76 SHA-256 is a cryptographic hash function from the SHA-2 family and
77 standardized by NIST. It has a 256-bit message digest.
78
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]79.. class:: SHA384()
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]80
81 SHA-384 is a cryptographic hash function from the SHA-2 family and
82 standardized by NIST. It has a 384-bit message digest.
83
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]84.. class:: SHA512()
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]85
86 SHA-512 is a cryptographic hash function from the SHA-2 family and
87 standardized by NIST. It has a 512-bit message digest.
88
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]89RIPEMD160
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]90~~~~~~~~~
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]91
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]92.. class:: RIPEMD160()
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]93
94 RIPEMD160 is a cryptographic hash function that is part of ISO/IEC
95 10118-3:2004. It has a 160-bit message digest.
96
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]97Whirlpool
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]98~~~~~~~~~
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]99
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]100.. class:: Whirlpool()
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]101
102 Whirlpool is a cryptographic hash function that is part of ISO/IEC
103 10118-3:2004. It has a 512-bit message digest.
104
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]105MD5
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]106~~~
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]107
108.. warning::
109
110 MD5 is a deprecated hash algorithm that has practical known collision
Alex Gaynorab5f0112013-11-08 10:34:00 -0800[diff] [blame]111 attacks. You are strongly discouraged from using it. Existing applications
112 should strongly consider moving away.
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]113
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]114.. class:: MD5()
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]115
Paul Kehrer2b9b3012013-10-22 17:09:38 -0500[diff] [blame]116 MD5 is a deprecated cryptographic hash function. It has a 128-bit message
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]117 digest and has practical known collision attacks.
Alex Gaynor94801292013-11-13 10:33:01 -0800[diff] [blame^]118
119
120.. _`Lifetimes of cryptographic hash functions`: http://valerieaurora.org/hash.html