The HMAC library in Python still uses MD5 (http://docs.python.org/library/hmac.h... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		robee on Dec 9, 2011 \| parent \| context \| favorite \| on: Authentication made easy, fast and RESTful The HMAC library in Python still uses MD5 (http://docs.python.org/library/hmac.html) which is known to be exploitable with hash collisions. My opinion is that its not too difficult to roll a MAC setup using some SHA based hash.

adambard on Dec 12, 2011 [–]

The constructor for the Python HMAC library just defaults to MD5; you can pass any of the hashlib modules to it via the digestmod parameter. I don't know why it doesn't default to something more secure, but it's no challenge to do.

Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact