[doc] hmac cannot be used with shake algorithms

[minrk]

BPO	28384
Nosy	@tiran, @takluyver, @minrk

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = None
created_at = <Date 2016-10-07.11:50:44.279>
labels = ['type-bug', '3.9', '3.10', '3.11', 'extension-modules', 'docs']
title = '[doc] hmac cannot be used with shake algorithms'
updated_at = <Date 2022-01-17.23:14:46.268>
user = 'https://github.com/minrk'

bugs.python.org fields:

activity = <Date 2022-01-17.23:14:46.268>
actor = 'iritkatriel'
assignee = 'docs@python'
closed = False
closed_date = None
closer = None
components = ['Documentation', 'Extension Modules']
creation = <Date 2016-10-07.11:50:44.279>
creator = 'minrk'
dependencies = []
files = []
hgrepos = []
issue_num = 28384
keywords = []
message_count = 2.0
messages = ['278235', '278468']
nosy_count = 4.0
nosy_names = ['christian.heimes', 'docs@python', 'takluyver', 'minrk']
pr_nums = []
priority = 'normal'
resolution = None
stage = None
status = 'open'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue28384'
versions = ['Python 3.9', 'Python 3.10', 'Python 3.11']

[minrk]

HMAC digest methods call inner.digest() with no arguments, but new-in-3.6 shake algorithms require a length argument.

possible solutions:

1. add optional length argument to HMAC.[hex]digest, and pass through to inner hash object
2. set hmac.digest_size, and use that to pass through to inner hash object if inner hash object has digest_size == 0
3. give shake hashers a default value for length in digest methods (logically 32 for shake_256, 16 for shake_128, I think)

test:

import hmac, hashlib

h = hmac.HMAC(b'secret', digestmod=hashlib.shake_256)
h.hexdigest() # raises on self.inner.digest() requires length argument

[tiran]

It's not a bug, but indented behavior. It does not make any sense to use SHAKE with the HMAC construct. In fact it does not make sense to combine Keccak sponge or Blake2 with HMAC at all. HMAC is only necessary for old, Merkle-Damgard hashing algorithms like MD5, SHA1 and SHA2, because they are subject to length extension attacks.

The correct solution is
4. improve documentation