On Wed, Oct 01, 2008 at 09:43:54AM -0400, Cole Robinson wrote:
> Daniel P. Berrange wrote:
> > On Tue, Sep 30, 2008 at 05:39:13PM -0400, Joey Boggs wrote:
> >> Here's a sample that works, just want to verify it's alright. Is 64MB
> >> too much/too little to read at one time?
> >>
> >>
> >> f = open("test.raw","r")
> >> m = sha.new()
> >> while 1:
> >> chunk = f.read(65536)
> >> if not chunk:
> >> break
> >> m.update(chunk)
> >> print m.hexdigest()
> >
> > Both md5 and sha1 are becoming obsolete, and indeed forbidden by some
> > of the more paranoid organizations. I'd recommend we go straight
> > to using at least sha256. Also the docs recommend using hashlib module
> > directly, eg
> >
> > import hashlib
> >
> > m = hashlib.sha256()
> > while 1:
> > chunk = f.read(65536)
> > if not chunk:
> > break
> > m.update(chunk)
> > print m.hexdigest()
> >
> > Daniel
>
> Yeah, the only problem with hashlib is that it's python2.5
> only. But we could just catch the import error and disable
> the functionality if need be.
>
> As far as md5 or sha1, no comment, though we probably want
> to support whatever other config formats use (if any do
> indeed offer hash support).
I suggest then we include multiple checksums. Either a md5 or sha1
checksum which we can do everywhere, and a second sha256 checksum
for stronger validation where available.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/et-mgmt-tools
