From c31feaf83d4c5a2500ed08d49d0c822805bdfe75 Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Tue, 3 Jan 2017 16:55:28 +0100 Subject: [PATCH 1/3] update pysha3 to 1.0b1, sha3 NIST 2015 standard --- docs/server/source/appendices/cryptography.md | 10 +++++++--- setup.py | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/docs/server/source/appendices/cryptography.md b/docs/server/source/appendices/cryptography.md index ecbd3c7e..90156644 100644 --- a/docs/server/source/appendices/cryptography.md +++ b/docs/server/source/appendices/cryptography.md @@ -15,8 +15,9 @@ algorithm provided by the which is a wrapper around the optimized reference implementation from [http://keccak.noekeon.org](http://keccak.noekeon.org). -Here's the relevant code from `bigchaindb/bigchaindb/common/crypto.py` -(as of 11 December 2016): +**Important**: Since selecting the Keccak hashing algorithm for SHA-3 in 2012, NIST [released a new version](https://en.wikipedia.org/wiki/SHA-3#cite_note-14) of the hash using the same algorithm but slightly different parameters. As of version 0.9, BigchainDB is using the latest version. See below for an example output of the hash function. + +Here's the relevant code from `bigchaindb/bigchaindb/common/crypto.py: ```python import sha3 @@ -37,7 +38,10 @@ For example: >>> import sha3 >>> data = '字' >>> sha3.sha3_256(data.encode()).hexdigest() -'c67820de36d949a35ca24492e15767e2972b22f77213f6704ac0adec123c5690' +'2b38731ba4ef72d4034bef49e87c381d1fbe75435163b391dd33249331f91fe7' +>>> data = 'hello world' +>>> sha3.sha3_256(data.encode()).hexdigest() +'644bcc7e564373040999aac89e7622f3ca71fba1d972fd94a31c3bfbf24e3938' ``` Note: Hashlocks (which are one kind of crypto-condition) diff --git a/setup.py b/setup.py index 7fb278ea..84fb3ff3 100644 --- a/setup.py +++ b/setup.py 
@@ -61,7 +61,7 @@ install_requires = [
 # TODO Consider not installing the db drivers, or putting them in extras.
 'rethinkdb~=2.3', # i.e. a version between 2.3 and 3.0
 'pymongo~=3.4',
- 'pysha3>=0.3',
+ 'pysha3==1.0b1',
 'cryptoconditions>=0.5.0',
 'statsd>=3.2.1',
 'python-rapidjson>=0.0.8',
From eeef08a43af6a56656f33449e693d1a4d3fdec56 Mon Sep 17 00:00:00 2001
From: Scott Sadler
Date: Tue, 3 Jan 2017 17:04:43 +0100
Subject: [PATCH 2/3] mention version of pysha3 and link to pypi page instead
---
 docs/server/source/appendices/cryptography.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/server/source/appendices/cryptography.md b/docs/server/source/appendices/cryptography.md
index 90156644..776ff3ff 100644
--- a/docs/server/source/appendices/cryptography.md
+++ b/docs/server/source/appendices/cryptography.md
@@ -9,13 +9,13 @@ as described in [the section on JSON serialization](json-serialization.html). ## Hashes BigchainDB computes transaction and block hashes using an implementation of the -[SHA3-256](https://en.wikipedia.org/wiki/SHA-3) +[SHA3-256](https://pypi.python.org/pypi/pysha3) algorithm provided by the [**pysha3** package](https://bitbucket.org/tiran/pykeccak), which is a wrapper around the optimized reference implementation from [http://keccak.noekeon.org](http://keccak.noekeon.org). -**Important**: Since selecting the Keccak hashing algorithm for SHA-3 in 2012, NIST [released a new version](https://en.wikipedia.org/wiki/SHA-3#cite_note-14) of the hash using the same algorithm but slightly different parameters. As of version 0.9, BigchainDB is using the latest version. See below for an example output of the hash function. +**Important**: Since selecting the Keccak hashing algorithm for SHA-3 in 2012, NIST [released a new version](https://en.wikipedia.org/wiki/SHA-3#cite_note-14) of the hash using the same algorithm but slightly different parameters. As of version 0.9, BigchainDB is using the latest version, supported by pysha3 1.0b1. See below for an example output of the hash function. Here's the relevant code from `bigchaindb/bigchaindb/common/crypto.py: From 6d3fa10e20eac74241baaeea7144d11bc10730ad Mon Sep 17 00:00:00 2001 From: Scott Sadler Date: Thu, 5 Jan 2017 10:19:20 +0100 Subject: [PATCH 3/3] use pysha3 1.0.0 --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 84fb3ff3..d2f9365e 100644 --- a/setup.py +++ b/setup.py @@ -61,7 +61,7 @@ install_requires = [ # TODO Consider not installing the db drivers, or putting them in extras. 'rethinkdb~=2.3', # i.e. a version between 2.3 and 3.0 'pymongo~=3.4', - 'pysha3==1.0b1', + 'pysha3==1.0.0', 'cryptoconditions>=0.5.0', 'statsd>=3.2.1', 'python-rapidjson>=0.0.8',
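Review bot: Nothing in this series checks which SHA3-256 variant a node actually computes; the `'pysha3==1.0.0'` entry in `install_requires` (preceded by `'pysha3==1.0b1'` in patch 1/3) is the only control, and the diffstats show only `setup.py` and the docs file changing. Because the docs hunk in patch 1/3 shows the digest of the same input changing, an environment that still resolves an older pysha3 would presumably produce transaction and block hashes that disagree with upgraded peers, without raising any error. A known-answer test built from the vector already in the docs would catch that: `assert sha3.sha3_256(b'hello world').hexdigest() == '644bcc7e564373040999aac89e7622f3ca71fba1d972fd94a31c3bfbf24e3938'`. As a style point, an exact `==` pin in `install_requires` also blocks later 1.0.x fixes; `'pysha3~=1.0.0'` keeps the same floor and matches the `~=` entries above it. The `install_requires` list opens and closes outside the hunk.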