Docs: Fix stdlib hashing and http notes

heikkitoivonen · codex · heikkitoivonen · commit 7e01881abce1 · 2026-01-27T13:05:01.000-08:00
Co-Authored-By: Codex &lt;codex@openai.com&gt;
diff --git a/docs/stdlib/hashlib.md b/docs/stdlib/hashlib.md
@@ -275,17 +275,17 @@ import time
 
 data = b"x" * (1024 * 1024)  # 1MB
 
-# MD5 (fastest, insecure)
+# MD5 (fast, insecure)
 start = time.time()
 hashlib.md5(data).digest()  # O(1MB)
 md5_time = time.time() - start
 
-# SHA256 (slower, secure)
+# SHA256 (secure)
 start = time.time()
 hashlib.sha256(data).digest()  # O(1MB)
 sha256_time = time.time() - start
 
-# SHA512 (slowest, more secure)
+# SHA512 (secure; speed varies by platform)
 start = time.time()
 hashlib.sha512(data).digest()  # O(1MB)
 sha512_time = time.time() - start
@@ -321,7 +321,22 @@ assert digest1 == digest2
 import hashlib
 
 # Algorithms guaranteed available
-guaranteed = {'md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512'}
+guaranteed = {
+    'md5',
+    'sha1',
+    'sha224',
+    'sha256',
+    'sha384',
+    'sha512',
+    'blake2b',
+    'blake2s',
+    'sha3_224',
+    'sha3_256',
+    'sha3_384',
+    'sha3_512',
+    'shake_128',
+    'shake_256',
+}
 
 # Algorithms available on system
 available = set(hashlib.algorithms_available)
diff --git a/docs/stdlib/heapq.md b/docs/stdlib/heapq.md
@@ -201,8 +201,8 @@ fifo_queue = deque()  # Simple FIFO
 heapq.heappush(heap_queue, (priority, task))  # O(log n)
 fifo_queue.append(task)  # O(1)
 
-# Get task with priority
-task = heapq.heappop(heap_queue)  # O(log n), gets highest priority
+# Get task with priority (smallest priority value first)
+task = heapq.heappop(heap_queue)  # O(log n)
 task = fifo_queue.popleft()  # O(1), gets oldest
 ```
 
diff --git a/docs/stdlib/hmac.md b/docs/stdlib/hmac.md
@@ -6,11 +6,11 @@ The `hmac` module provides HMAC (Hash-based Message Authentication Code) functio
 
 | Operation | Time | Space | Notes |
 |-----------|------|-------|-------|
-| `hmac.new(key, msg, digestmod)` | O(n) | O(n) | Create HMAC, n = msg size |
-| `HMAC.update(msg)` | O(n) | O(k) | Add data to digest, k = hash block size |
+| `hmac.new(key, msg, digestmod)` | O(n) | O(1) | Create HMAC, n = msg size |
+| `HMAC.update(msg)` | O(n) | O(1) | Add data to digest, k = hash block size |
 | `HMAC.digest()` | O(k) | O(k) | Get binary digest, k = hash output size |
 | `HMAC.hexdigest()` | O(k) | O(k) | Get hex digest |
-| `hmac.compare_digest(a, b)` | O(n) | O(1) | Constant-time comparison |
+| `hmac.compare_digest(a, b)` | O(n) | O(1) | Timing-safe for equal-length inputs |
 
 ## Creating HMAC
 
@@ -33,14 +33,14 @@ h = hmac.new(key, message, hashlib.sha256)  # O(n)
 digest = h.digest()  # O(k) where k = output size
 ```
 
-### Space Complexity: O(n)
+### Space Complexity: O(1)
 
 ```python
 import hmac
 import hashlib
 
-# Memory for message processing
-h = hmac.new(key, message, hashlib.sha256)  # O(n) for buffering
+# No buffering of the full message (beyond the input itself)
+h = hmac.new(key, message, hashlib.sha256)  # O(1) extra space
 ```
 
 ## Streaming Updates
@@ -127,22 +127,22 @@ import hashlib
 
 message = b'data' * 1000
 
-# MD5: Fast but deprecated
+# MD5: Deprecated (cryptographically broken)
 # O(n) time
 h = hmac.new(b'key', message, hashlib.md5)  # O(n)
 digest = h.digest()  # O(16) bytes
 
-# SHA1: Faster than SHA256, deprecated
+# SHA1: Deprecated (cryptographically broken)
 # O(n) time
 h = hmac.new(b'key', message, hashlib.sha1)  # O(n)
 digest = h.digest()  # O(20) bytes
 
-# SHA256: Default, secure
-# O(n) time (slower than MD5/SHA1)
+# SHA256: Common, secure choice
+# O(n) time
 h = hmac.new(b'key', message, hashlib.sha256)  # O(n)
 digest = h.digest()  # O(32) bytes
 
-# SHA512: More secure, slower
+# SHA512: Larger digest size; performance varies by platform
 # O(n) time
 h = hmac.new(b'key', message, hashlib.sha512)  # O(n)
 digest = h.digest()  # O(64) bytes
@@ -209,7 +209,7 @@ if received_hmac == computed_hmac:  # ❌ INSECURE
 
 # Good: Constant-time comparison
 if hmac.compare_digest(received_hmac, computed_hmac):  # ✓ SECURE
-    # Always takes same time, timing independent
+    # Timing-safe for equal-length inputs; time depends on length
     pass
 ```
 
@@ -373,8 +373,8 @@ import hashlib
 # Good balance of security and performance
 h = hmac.new(b'key', b'data', hashlib.sha256)
 
-# SHA512: MAXIMUM SECURITY
-# Slower but better for critical applications
+# SHA512: Larger digest size
+# Performance varies by platform
 h = hmac.new(b'key', b'data', hashlib.sha512)
 ```
 
@@ -406,10 +406,7 @@ h = hmac.new(very_long_key, b'data', hashlib.sha256)
 
 ## Version Notes
 
-- **Python 2.4+**: Basic HMAC support
-- **Python 3.4+**: `compare_digest()` function
-- **Python 3.6+**: Better performance
-- **Python 3.9+**: Additional algorithm support
+- **Python 3.x**: `hmac` module available, including `compare_digest()`
 
 ## Related Documentation
 
diff --git a/docs/stdlib/html.md b/docs/stdlib/html.md
@@ -8,8 +8,8 @@ The `html` module provides utilities for working with HTML content, including es
 |-----------|------|-------|-------|
 | `escape(text)` | O(n) | O(n) | n = string length |
 | `unescape(text)` | O(n) | O(n) | n = string length |
-| `parser.HTMLParser()` | O(n) | O(n) | n = HTML size |
-| `parser.feed(text)` | O(n) | O(n) | n = text length |
+| `html.parser.HTMLParser()` | O(1) | O(1) | Parser construction |
+| `HTMLParser.feed(text)` | O(n) | O(1) | n = text length; extra space depends on handlers |
 
 ## Common Operations
 
@@ -47,7 +47,7 @@ unescaped = unescape(escaped)
 # Common entities - O(n)
 entities = '&copy; &nbsp; &#169; &#x00A9;'
 result = unescape(entities)
-# Returns: © ™ © ©
+# Returns: ©  © ©
 ```
 
 ## Common Use Cases
@@ -260,9 +260,7 @@ def get_title_safe(attrs):
 
 ## Version Notes
 
-- **Python 3.2+**: html.escape() and unescape()
-- **Python 3.4+**: Improved html.parser
-- **Python 3.x**: Full Unicode support
+- **Python 3.x**: `html.escape`, `html.unescape`, and `html.parser` are available
 
 ## Related Documentation
 
diff --git a/docs/stdlib/http.md b/docs/stdlib/http.md
@@ -7,7 +7,6 @@ The `http` module provides HTTP client and server implementation, including stat
 | Operation | Time | Space | Notes |
 |-----------|------|-------|-------|
 | Status lookup | O(1) | O(1) | Hash-based |
-| Parse message | O(n) | O(n) | n = message size |
 
 ## HTTP Status Codes
 
@@ -21,7 +20,7 @@ print(HTTPStatus.OK)        # 200
 print(HTTPStatus.NOT_FOUND) # 404
 print(HTTPStatus.FORBIDDEN) # 403
 
-# Access by value - O(n) linear search through enum members
+# Access by value - O(1) lookup
 response_code = 404
 status = HTTPStatus(response_code)
 print(status.name)          # NOT_FOUND
