Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
SHA-3 wrapper (keccak) for Python. The package is a wrapper around the optimized Keccak Code Package, https://github.com/gvanas/KeccakCodePackage .
The module is a standalone version of my SHA-3 module from Python 3.6 (currently under development). The code in sha3module.c has been modified to be compatible with Python 2.7 to 3.5. Python 2.6 and earlier are not supported.
pysha3 1.0 is not compatible with pysha3 0.3!
pysha3 < 1.0 used the old Keccak implementation. During the finalization of SHA3, NIST changed the delimiter suffix from 0x01 to 0x06. The Keccak sponge function stayed the same. pysha3 1.0 provides the previous Keccak hash, too.
pysha3 has been successfully tested on several platforms:
The sha3
module contains several constructors for hash objects with a
PEP 247 compatible interface. The module provides SHA3, SHAKE and Keccak:
sha3_224()
, sha3_256()
, sha3_384()
, and sha3_512()
shake_128()
, shake_256()
keccak_224()
, keccak_256()
, keccak_384()
, and keccak_512()
The sha3
module monkey patches the hashlib
module . The monkey patch is
automatically activated with the first import of the sha3
module. The
hashlib
module of Python 3.6 will support the four SHA-3 algorithms and
the two SHAKE algorithms on all platforms. Therefore you shouldn't use the
sha3 module directly and rather go through the hashlib
interface::
import sys import hashlib if sys.version_info < (3, 6): ... import sha3 s = hashlib.sha3_512() s.name 'sha3_512' s.digest_size 64 s.update(b"data") s.hexdigest() 'ceca4daf960c2bbfb4a9edaca9b8137a801b65bae377e0f534ef9141c8684c0fedc1768d1afde9766572846c42b935f61177eaf97d355fa8dc2bca3fecfa754d'
s = hashlib.shake_256() s.update(b"data") s.hexdigest(4) 'c73dbed8' s.hexdigest(8) 'c73dbed8527f5ae0' s.hexdigest(16) 'c73dbed8527f5ae0568679f30ecc5cb6'
import sha3 k = sha3.keccak_512() k.update(b"data") k.hexdigest() '1065aceeded3a5e4412e2187e919bffeadf815f5bd73d37fe00d384fe29f55f08462fdabe1007b993ce5b8119630e7db93101d9425d6e352e22ffe3dcb56b825'
Unreleased
Release: 05-Feb-2017
Release: 24-Jan-2017
Fix github.org -> github.com (Pi Delport)
Fix endianness checks for Python 2 (William Grant)
Fix changelog, the Christmas release was 1.0.0, not 1.1.0
Release date: 24-Dec-2016
Synchronize with Python 3.6.0 release
Move all backport related additions to backport.inc
Fix flake8 violations
Release date: 01-May-2016
Update backend to use the latest Keccak Code Package. pysha3 now implements the official NIST standard. The old Keccak hashes are available with keccak prefix.
Add SHAKE support.
All sha3, shake and keccak variants are separate types instead of factory functions that return the same type.
Drop Python 2.6 and Python 3.0 to 3.3 support.
Fix typo that disabled threading optimization.
Add vector files for additional tests.
Add experimental HMAC support based on examples from http://wolfgang-ehrhardt.de/hmac-sha3-testvectors.html .
Test hashing of unaligned data.
Add ISO C11 memset_s() function as _Py_memset_s() in order to securely wipe memory that holds sensitive data. The page https://www.securecoding.cert.org/confluence/display/seccode/MSC06-C.+Be+aware+of+compiler+optimization+when+dealing+with+sensitive+data explains the motivation for memset_s().
Add tox support.
Add Travis and appveyor integration.
Add _capacity_bits, _rate_bits and _suffix attributes for diagnostic purposes.
Release date: 14-Oct-2012
Fix 64bit big endian support
Add workaround for alignment error on 64bit SPARC machine by using the opt32 implementation.
block_size now returns NotImplemented to prevent users from using pysha3 with the hmac module.
Release date: 07-Oct-2012
Release date: 06-Oct-2012
Fix MANIFEST.in to include Makefile and tests.py
Add setup.py test command with hack for inplace builds
Enhance README.txt and fixed its markup
Release date: 06-Oct-2012
Change directory struct to use the same directory layout as Python 3.4.
Remove C++ comments from Keccak sources for ANSI C compatibility.
Declare all Keccak functions and globals as static to avoid name clashes.
Remove alias sha3() for sha3_512().
Add block_size attribute. Keccak has a internal sponge size of 1600 bits.
Release GIL around SHA3_update() calls.
Monkey patch the hashlib module to support, e.g. hashlib.sha3_512() and hashlib.new("sha3_512")
Release GIL around SHA3_update() when the data exceeds a certain size.
Fix build on platforms with an unsigned 64bit integer type (uint64_t). The module falls back to 32bit implementation of Keccak with interleave tables.
Release date: 04-Oct-2012
first release
based on KeccakReferenceAndOptimized-3.2.zip
FAQs
SHA-3 (Keccak) for Python 3.9 - 3.11
We found that safe-pysha3 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.