Skip to content

docs: recommend SHA-256 for new OAEP usage#912

Open
salasebas wants to merge 1 commit into
Legrandin:masterfrom
salasebas:issue-906-oaep-sha1-default
Open

docs: recommend SHA-256 for new OAEP usage#912
salasebas wants to merge 1 commit into
Legrandin:masterfrom
salasebas:issue-906-oaep-sha1-default

Conversation

@salasebas

Copy link
Copy Markdown

Addresses #906.

Summary

This keeps the RSAES-OAEP default hash algorithm as SHA-1 for compatibility with RFC 8017 and existing ciphertexts, but updates the documentation to recommend SHA-256 explicitly for new protocols.

Changes included:

  • Document that SHA-1 remains the default because it is the RFC 8017 RSAES-OAEP default.
  • Recommend SHA-256 or stronger hashes for new OAEP usage when legacy interoperability does not require SHA-1.
  • Update OAEP examples to pass hashAlgo=SHA256.
  • Clarify the hashAlgo docstring in Crypto.Cipher.PKCS1_OAEP.

Rationale

Changing the default hash algorithm would silently break interoperability and decryption of existing OAEP ciphertexts created with the current default. A documentation/example update gives new users safer guidance without introducing a backward compatibility break.

Tests

  • python3 setup.py build_ext -i
  • env PYTHONPATH=lib:test_vectors python3 -c 'import unittest; from Crypto.SelfTest.Cipher import test_pkcs1_oaep; suite=unittest.TestSuite(test_pkcs1_oaep.get_tests({"slow_tests": False, "wycheproof_warnings": False})); result=unittest.TextTestRunner(verbosity=2).run(suite); raise SystemExit(0 if result.wasSuccessful() else 1)'
  • git diff --check

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant