| Alex Gaynor | af82d5e | 2013-10-29 17:07:24 -0700 | [diff] [blame] | 1 | .. hazmat:: |
| Donald Stufft | d8f0118 | 2013-10-27 16:59:56 -0400 | [diff] [blame] | 2 | |
| Donald Stufft | e51fb93 | 2013-10-27 17:26:17 -0400 | [diff] [blame] | 3 | Message Digests |
| 4 | =============== |
| 5 | |
| Donald Stufft | f04317a | 2013-10-27 16:44:30 -0400 | [diff] [blame] | 6 | .. currentmodule:: cryptography.hazmat.primitives.hashes |
| David Reid | 1f3d718 | 2013-10-22 16:55:18 -0700 | [diff] [blame] | 7 | |
| David Reid | 30b1613 | 2013-10-31 13:37:24 -0700 | [diff] [blame] | 8 | .. class:: Hash(algorithm) |
| Matthew Iversen | 505491b | 2013-10-19 15:56:17 +1100 | [diff] [blame] | 9 | |
| David Reid | 5560298 | 2013-11-01 13:34:05 -0700 | [diff] [blame] | 10 | A cryptographic hash function takes an arbitrary block of data and |
| 11 | calculates a fixed-size bit string (a digest), such that different data |
| 12 | results (with a high probability) in different digests. |
| Matthew Iversen | 505491b | 2013-10-19 15:56:17 +1100 | [diff] [blame] | 13 | |
| David Reid | 5560298 | 2013-11-01 13:34:05 -0700 | [diff] [blame] | 14 | This is an implementation of |
| 15 | :class:`cryptography.hazmat.primitives.interfaces.HashContext` meant to |
| 16 | be used with |
| 17 | :class:`cryptography.hazmat.primitives.interfaces.HashAlgorithm` |
| 18 | implementations to provide an incremental interface to calculating |
| 19 | various message digests. |
| Alex Gaynor | 23d01a2 | 2013-10-28 10:14:46 -0700 | [diff] [blame] | 20 | |
| 21 | .. doctest:: |
| 22 | |
| 23 | >>> from cryptography.hazmat.primitives import hashes |
| David Reid | 30b1613 | 2013-10-31 13:37:24 -0700 | [diff] [blame] | 24 | >>> digest = hashes.Hash(hashes.SHA256()) |
| Alex Gaynor | 23d01a2 | 2013-10-28 10:14:46 -0700 | [diff] [blame] | 25 | >>> digest.update(b"abc") |
| 26 | >>> digest.update(b"123") |
| David Reid | 30b1613 | 2013-10-31 13:37:24 -0700 | [diff] [blame] | 27 | >>> digest.finalize() |
| 28 | 'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90' |
| Alex Gaynor | f3b06cd | 2013-10-21 21:49:50 -0700 | [diff] [blame] | 29 | |
| Paul Kehrer | 6b9ddeb | 2013-10-19 12:28:15 -0500 | [diff] [blame] | 30 | .. method:: update(data) |
| Matthew Iversen | 505491b | 2013-10-19 15:56:17 +1100 | [diff] [blame] | 31 | |
| Alex Gaynor | ddc62f0 | 2013-10-20 06:14:24 -0700 | [diff] [blame] | 32 | :param bytes data: The bytes you wish to hash. |
| Matthew Iversen | 505491b | 2013-10-19 15:56:17 +1100 | [diff] [blame] | 33 | |
| 34 | .. method:: copy() |
| 35 | |
| Paul Kehrer | 6b9ddeb | 2013-10-19 12:28:15 -0500 | [diff] [blame] | 36 | :return: a new instance of this object with a copied internal state. |
| Matthew Iversen | 505491b | 2013-10-19 15:56:17 +1100 | [diff] [blame] | 37 | |
| David Reid | 30b1613 | 2013-10-31 13:37:24 -0700 | [diff] [blame] | 38 | .. method:: finalize() |
| Alex Gaynor | 1496845 | 2013-11-01 14:05:14 -0700 | [diff] [blame] | 39 | |
| David Reid | 5560298 | 2013-11-01 13:34:05 -0700 | [diff] [blame] | 40 | Finalize the current context and return the message digest as bytes. |
| 41 | |
| 42 | Once ``finalize`` is called this object can no longer be used. |
| Matthew Iversen | 505491b | 2013-10-19 15:56:17 +1100 | [diff] [blame] | 43 | |
| 44 | :return bytes: The message digest as bytes. |
| 45 | |
| Matthew Iversen | 505491b | 2013-10-19 15:56:17 +1100 | [diff] [blame] | 46 | |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 47 | SHA-1 |
| Matthew Iversen | 505491b | 2013-10-19 15:56:17 +1100 | [diff] [blame] | 48 | ~~~~~ |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 49 | |
| 50 | .. attention:: |
| 51 | |
| 52 | NIST has deprecated SHA-1 in favor of the SHA-2 variants. New applications |
| 53 | are strongly suggested to use SHA-2 over SHA-1. |
| 54 | |
| David Reid | 1f3d718 | 2013-10-22 16:55:18 -0700 | [diff] [blame] | 55 | .. class:: SHA1() |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 56 | |
| 57 | SHA-1 is a cryptographic hash function standardized by NIST. It has a |
| 58 | 160-bit message digest. |
| 59 | |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 60 | SHA-2 Family |
| Matthew Iversen | 505491b | 2013-10-19 15:56:17 +1100 | [diff] [blame] | 61 | ~~~~~~~~~~~~ |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 62 | |
| David Reid | 1f3d718 | 2013-10-22 16:55:18 -0700 | [diff] [blame] | 63 | .. class:: SHA224() |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 64 | |
| 65 | SHA-224 is a cryptographic hash function from the SHA-2 family and |
| 66 | standardized by NIST. It has a 224-bit message digest. |
| 67 | |
| David Reid | 1f3d718 | 2013-10-22 16:55:18 -0700 | [diff] [blame] | 68 | .. class:: SHA256() |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 69 | |
| 70 | SHA-256 is a cryptographic hash function from the SHA-2 family and |
| 71 | standardized by NIST. It has a 256-bit message digest. |
| 72 | |
| David Reid | 1f3d718 | 2013-10-22 16:55:18 -0700 | [diff] [blame] | 73 | .. class:: SHA384() |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 74 | |
| 75 | SHA-384 is a cryptographic hash function from the SHA-2 family and |
| 76 | standardized by NIST. It has a 384-bit message digest. |
| 77 | |
| David Reid | 1f3d718 | 2013-10-22 16:55:18 -0700 | [diff] [blame] | 78 | .. class:: SHA512() |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 79 | |
| 80 | SHA-512 is a cryptographic hash function from the SHA-2 family and |
| 81 | standardized by NIST. It has a 512-bit message digest. |
| 82 | |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 83 | RIPEMD160 |
| Matthew Iversen | 505491b | 2013-10-19 15:56:17 +1100 | [diff] [blame] | 84 | ~~~~~~~~~ |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 85 | |
| David Reid | 1f3d718 | 2013-10-22 16:55:18 -0700 | [diff] [blame] | 86 | .. class:: RIPEMD160() |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 87 | |
| 88 | RIPEMD160 is a cryptographic hash function that is part of ISO/IEC |
| 89 | 10118-3:2004. It has a 160-bit message digest. |
| 90 | |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 91 | Whirlpool |
| Matthew Iversen | 505491b | 2013-10-19 15:56:17 +1100 | [diff] [blame] | 92 | ~~~~~~~~~ |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 93 | |
| David Reid | 1f3d718 | 2013-10-22 16:55:18 -0700 | [diff] [blame] | 94 | .. class:: Whirlpool() |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 95 | |
| 96 | Whirlpool is a cryptographic hash function that is part of ISO/IEC |
| 97 | 10118-3:2004. It has a 512-bit message digest. |
| 98 | |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 99 | MD5 |
| Matthew Iversen | 505491b | 2013-10-19 15:56:17 +1100 | [diff] [blame] | 100 | ~~~ |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 101 | |
| 102 | .. warning:: |
| 103 | |
| 104 | MD5 is a deprecated hash algorithm that has practical known collision |
| 105 | attacks. You are strongly discouraged from using it. |
| 106 | |
| David Reid | 1f3d718 | 2013-10-22 16:55:18 -0700 | [diff] [blame] | 107 | .. class:: MD5() |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 108 | |
| Paul Kehrer | 2b9b301 | 2013-10-22 17:09:38 -0500 | [diff] [blame] | 109 | MD5 is a deprecated cryptographic hash function. It has a 128-bit message |
| Paul Kehrer | 36e7d0d | 2013-10-18 18:54:40 -0500 | [diff] [blame] | 110 | digest and has practical known collision attacks. |