当对缓慢的 stdlib实现_md5感到沮丧时,发现此未记录。hashlib.md5在 Macbook 上:>>> timeit hashlib.md5(b"hello world")597 ns ± 17.2 ns per loop (mean ± std. dev. of 7 runs, 1000000 loops each)>>> timeit _md5.md5(b"hello world")224 ns ± 3.18 ns per loop (mean ± std. dev. of 7 runs, 1000000 loops each)>>> _md5<module '_md5' from '/usr/local/Cellar/python/3.7.6_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/lib-dynload/_md5.cpython-37m-darwin.so'>在 Windows 机器上:>>> timeit hashlib.md5(b"stonk overflow")328 ns ± 21.8 ns per loop (mean ± std. dev. of 7 runs, 1000000 loops each)>>> timeit _md5.md5(b"stonk overflow")110 ns ± 12.5 ns per loop (mean ± std. dev. of 7 runs, 10000000 loops each)>>> _md5<module '_md5' (built-in)>在 Linux 机器上:>>> timeit hashlib.md5(b"https://adventofcode.com/2016/day/5")259 ns ± 1.33 ns per loop (mean ± std. dev. of 7 runs, 1000000 loops each)>>> timeit _md5.md5(b"https://adventofcode.com/2016/day/5")102 ns ± 0.0576 ns per loop (mean ± std. dev. of 7 runs, 10000000 loops each)>>> _md5<module '_md5' from '/usr/local/lib/python3.8/lib-dynload/_md5.cpython-38-x86_64-linux-gnu.so'>对于散列短消息,它的速度更快。对于长消息,类似的性能。为什么它隐藏在下划线扩展模块中,为什么在 hashlib 中默认不使用这种更快的实现? 什么是_md5模块,为什么它没有公共 API?
3 回答
千巷猫影
TA贡献1829条经验 获得超7个赞
在Python 2. 5之前,哈希和摘要在它们自己的模块中实现(例如[Python 2.Docs ]: md5 - MD5 message digest algorithm)。
从v2.5开始,[Python 2.6.Docs]: hashlib -添加了安全哈希和消息摘要。其目的是:
提供对哈希/摘要的统一访问方法(通过它们的名称)
切换(默认情况下)到外部密码学提供程序(这似乎是委托给该领域的某个专门实体的合乎逻辑的步骤,因为维护所有这些算法可能是一种矫枉过正)。那时OpenSSL是最好的选择:足够成熟、知名和兼容(有一堆类似的Java提供者,但那些都没什么用)
作为#2的副作用。,Python实现对公共API隐藏(重命名为:_md5、_sha1、_sha256、_sha512,后添加:_blake2、_sha3),因为冗余通常会造成混淆。
但是,另一个副作用是_hashlib.so对OpenSSL的libcrypto*.so的依赖(这是Nix(至少Lnx)特定的,在Win上,静态libeay32.lib链接在_hashlib.pyd,还有_ssl.pyd(我认为是蹩脚的),直到v3。7 +,其中OpenSSL .dll是Python安装的一部分)。
可能在90+%的机器上一切都很顺利,因为默认安装了OpenSSL,但是对于那些没有安装的机器,很多事情可能会被破坏,因为例如hashlib是由许多模块导入的(一个这样的例子是随机的它本身被许多其他人导入),因此与密码学完全无关的琐碎代码(至少不是第一眼看到的)将停止工作. 这就是保留旧实现的原因(但同样,它们只是后备,因为OpenSSL版本/应该得到更好的维护)。
[cfati@cfati-ubtu16x64-0:~/Work/Dev/StackOverflow/q059955854]> ~/sopr.sh
*** Set shorter prompt to better fit when pasted in StackOverflow (or other) pages ***
[064bit-prompt]> python3 -c "import sys, hashlib as hl, _md5, ssl;print(\"{0:}\n{1:}\n{2:}\n{3:}\".format(sys.version, _md5, hl._hashlib, ssl.OPENSSL_VERSION))"
3.5.2 (default, Oct 8 2019, 13:06:37)
[GCC 5.4.0 20160609]
<module '_md5' (built-in)>
<module '_hashlib' from '/usr/lib/python3.5/lib-dynload/_hashlib.cpython-35m-x86_64-linux-gnu.so'>
OpenSSL 1.0.2g 1 Mar 2016
[064bit-prompt]>
[064bit-prompt]> ldd /usr/lib/python3.5/lib-dynload/_hashlib.cpython-35m-x86_64-linux-gnu.so
linux-vdso.so.1 => (0x00007fffa7d0b000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f50d9e4d000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f50d9a83000)
libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f50d963e000)
/lib64/ld-linux-x86-64.so.2 (0x00007f50da271000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f50d943a000)
[064bit-prompt]>
[064bit-prompt]> openssl version -a
OpenSSL 1.0.2g 1 Mar 2016
built on: reproducible build, date unspecified
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/lib/ssl"
[064bit-prompt]>
[064bit-prompt]> python3 -c "import _md5, hashlib as hl;print(_md5.md5(b\"A\").hexdigest(), hl.md5(b\"A\").hexdigest())"
7fc56270e7a70fa81a5935b72eacbe29 7fc56270e7a70fa81a5935b72eacbe29
根据[Python 3.Docs]:hashlib。算法保证:
包含哈希算法名称的集合,保证在所有平台上都受此模块支持。请注意,尽管一些上游供应商提供了一个奇怪的“FIPS 兼容”Python 构建,但排除了它,但“md5”仍在此列表中。
下面是一个自定义Python 2.7安装的示例(我很久以前构建的,值得一提的是它动态链接到OpenSSL .dll):
e:\Work\Dev\StackOverflow\q059955854>sopr.bat
*** Set shorter prompt to better fit when pasted in StackOverflow (or other) pages ***
[prompt]> "F:\Install\pc064\HPE\OPSWpython\2.7.10__00\python.exe" -c "import sys, ssl;print(\"{0:}\n{1:}\".format(sys.version, ssl.OPENSSL_VERSION))"
2.7.10 (default, Mar 8 2016, 15:02:46) [MSC v.1600 64 bit (AMD64)]
OpenSSL 1.0.2j-fips 26 Sep 2016
[prompt]> "F:\Install\pc064\HPE\OPSWpython\2.7.10__00\python.exe" -c "import hashlib as hl;print(hl.md5(\"A\").hexdigest())"
7fc56270e7a70fa81a5935b72eacbe29
[prompt]> "F:\Install\pc064\HPE\OPSWpython\2.7.10__00\python.exe" -c "import ssl;ssl.FIPS_mode_set(True);import hashlib as hl;print(hl.md5(\"A\").hexdigest())"
Traceback (most recent call last):
File "<string>", line 1, in <module>
ValueError: error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips
至于速度问题我只能推测:
Python实现(显然)是专门为Python编写的,这意味着它对于Python比通用版本“更优化”(是的,这在语法上是不正确的) ,并且还驻留在python*.so(或python可执行文件本身)中
OpenSSL实现驻留在libcrypto*.so中,它被包装器_hashlib.so访问,它在Python类型 ( PyObject* ) 和OpenSSL类型( EVP_MD_CTX* )之间进行来回转换
考虑到上述情况,前者(稍微)更快是有道理的(至少对于小消息,其中开销(函数调用和其他Python底层操作)与散列本身相比占总时间的很大一部分)。还有其他因素需要考虑(例如,是否使用了OpenSSL汇编器加速)。
更新#0
以下是我自己的一些基准。
code00.py:
#!/usr/bin/env python
import sys
from hashlib import md5 as md5_openssl
from _md5 import md5 as md5_builtin
import timeit
def main(*argv):
base_text = b"A"
number = 1000000
print("timeit attempts number: {0:d}".format(number))
#x = []
#y = {}
for count in range(0, 16):
factor = 2 ** count
text = base_text * factor
globals_dict = {"text": text}
#x.append(factor)
print("\nUsing a {0:8d} (2 ** {1:2d}) bytes message".format(len(text), count))
for func in [
md5_openssl,
md5_builtin,
]:
globals_dict["md5"] = func
t = timeit.timeit(stmt="md5(text)", globals=globals_dict, number=number)
print(" {0:12s} took: {1:11.6f} seconds".format(func.__name__, t))
#y.setdefault(func.__name__, []).append(t)
#print(x, y)
if __name__ == "__main__":
print("Python {0:s} {1:d}bit on {2:s}\n".format(" ".join(item.strip() for item in sys.version.split("\n")), 64 if sys.maxsize > 0x100000000 else 32, sys.platform))
main(*sys.argv[1:])
print("\nDone.")
输出:
Win 10 pc064(在戴尔 Precision 5510笔记本电脑上运行):
[prompt]> "e:\Work\Dev\VEnvs\py_pc064_03.07.06_test0\Scripts\python.exe" code00.py
Python 3.7.6 (tags/v3.7.6:43364a7ae0, Dec 19 2019, 00:42:30) [MSC v.1916 64 bit (AMD64)] 64bit on win32
timeit attempts number: 1000000
Using a 1 (2 ** 0) bytes message
openssl_md5 took: 0.449134 seconds
md5 took: 0.120021 seconds
Using a 2 (2 ** 1) bytes message
openssl_md5 took: 0.460399 seconds
md5 took: 0.118555 seconds
Using a 4 (2 ** 2) bytes message
openssl_md5 took: 0.451850 seconds
md5 took: 0.121166 seconds
Using a 8 (2 ** 3) bytes message
openssl_md5 took: 0.438398 seconds
md5 took: 0.118127 seconds
Using a 16 (2 ** 4) bytes message
openssl_md5 took: 0.454653 seconds
md5 took: 0.122818 seconds
Using a 32 (2 ** 5) bytes message
openssl_md5 took: 0.450776 seconds
md5 took: 0.118594 seconds
Using a 64 (2 ** 6) bytes message
openssl_md5 took: 0.555761 seconds
md5 took: 0.278812 seconds
Using a 128 (2 ** 7) bytes message
openssl_md5 took: 0.681296 seconds
md5 took: 0.455921 seconds
Using a 256 (2 ** 8) bytes message
openssl_md5 took: 0.895952 seconds
md5 took: 0.807457 seconds
Using a 512 (2 ** 9) bytes message
openssl_md5 took: 1.401584 seconds
md5 took: 1.499279 seconds
Using a 1024 (2 ** 10) bytes message
openssl_md5 took: 2.360966 seconds
md5 took: 2.878650 seconds
Using a 2048 (2 ** 11) bytes message
openssl_md5 took: 4.383245 seconds
md5 took: 5.655477 seconds
Using a 4096 (2 ** 12) bytes message
openssl_md5 took: 8.264774 seconds
md5 took: 10.920909 seconds
Using a 8192 (2 ** 13) bytes message
openssl_md5 took: 15.521947 seconds
md5 took: 21.895179 seconds
Using a 16384 (2 ** 14) bytes message
openssl_md5 took: 29.947287 seconds
md5 took: 43.198639 seconds
Using a 32768 (2 ** 15) bytes message
openssl_md5 took: 59.123447 seconds
md5 took: 86.453821 seconds
Done.
Ubtu 16 pc064(在上述机器上的VirtualBox中运行的VM ):
[064bit-prompt]> python3 code00.py
Python 3.5.2 (default, Oct 8 2019, 13:06:37) [GCC 5.4.0 20160609] 64bit on linux
timeit attempts number: 1000000
Using a 1 (2 ** 0) bytes message
openssl_md5 took: 0.246166 seconds
md5 took: 0.130589 seconds
Using a 2 (2 ** 1) bytes message
openssl_md5 took: 0.251019 seconds
md5 took: 0.127750 seconds
Using a 4 (2 ** 2) bytes message
openssl_md5 took: 0.257018 seconds
md5 took: 0.123116 seconds
Using a 8 (2 ** 3) bytes message
openssl_md5 took: 0.245399 seconds
md5 took: 0.128267 seconds
Using a 16 (2 ** 4) bytes message
openssl_md5 took: 0.251832 seconds
md5 took: 0.136373 seconds
Using a 32 (2 ** 5) bytes message
openssl_md5 took: 0.248410 seconds
md5 took: 0.140708 seconds
Using a 64 (2 ** 6) bytes message
openssl_md5 took: 0.361016 seconds
md5 took: 0.267021 seconds
Using a 128 (2 ** 7) bytes message
openssl_md5 took: 0.478735 seconds
md5 took: 0.413986 seconds
Using a 256 (2 ** 8) bytes message
openssl_md5 took: 0.707602 seconds
md5 took: 0.695042 seconds
Using a 512 (2 ** 9) bytes message
openssl_md5 took: 1.216832 seconds
md5 took: 1.268570 seconds
Using a 1024 (2 ** 10) bytes message
openssl_md5 took: 2.122014 seconds
md5 took: 2.429623 seconds
Using a 2048 (2 ** 11) bytes message
openssl_md5 took: 4.158188 seconds
md5 took: 4.847686 seconds
Using a 4096 (2 ** 12) bytes message
openssl_md5 took: 7.839173 seconds
md5 took: 9.242224 seconds
Using a 8192 (2 ** 13) bytes message
openssl_md5 took: 15.282232 seconds
md5 took: 18.368874 seconds
Using a 16384 (2 ** 14) bytes message
openssl_md5 took: 30.681912 seconds
md5 took: 36.755073 seconds
Using a 32768 (2 ** 15) bytes message
openssl_md5 took: 60.230543 seconds
md5 took: 73.237356 seconds
Done.
结果似乎与你的完全不同。就我而言:
从 [~ 512B .. ~ 1KiB ] 大小的消息开始,OpenSSL实现似乎比内置的执行得更好
我知道声明模式的结果太少,但似乎两种实现似乎与消息大小成线性比例(就时间而言)(但内置斜率似乎有点陡峭 - 这意味着它会表现更差从长远来看)
总而言之,如果您的所有消息都很小,并且内置实现最适合您,那么请使用它。
慕斯王
TA贡献1864条经验 获得超2个赞
Python 公共模块将方法委托给隐藏模块是很常见的。
例如,该collections.abc模块的完整代码为:
from _collections_abc import *
from _collections_abc import __all__
的函数hashlib是动态创建的:
for __func_name in __always_supported:
# try them all, some may not work due to the OpenSSL
# version not supporting that algorithm.
try:
globals()[__func_name] = __get_hash(__func_name)
的定义always_supported是:
__always_supported = ('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512',
'blake2b', 'blake2s',
'sha3_224', 'sha3_256', 'sha3_384', 'sha3_512',
'shake_128', 'shake_256')
get_hash或者:___get_openssl_constructor ___get_builtin_constructor
try:
import _hashlib
new = __hash_new
__get_hash = __get_openssl_constructor
algorithms_available = algorithms_available.union(
_hashlib.openssl_md_meth_names)
except ImportError:
new = __py_new
__get_hash = __get_builtin_constructor
__get_builtin_constructor是(再次)隐藏_hashlib模块的后备:
def __get_openssl_constructor(name):
if name in __block_openssl_constructor:
# Prefer our blake2 and sha3 implementation.
return __get_builtin_constructor(name)
try:
f = getattr(_hashlib, 'openssl_' + name)
# Allow the C module to raise ValueError. The function will be
# defined but the hash not actually available thanks to OpenSSL.
f()
# Use the C function directly (very fast)
return f
except (AttributeError, ValueError):
return __get_builtin_constructor(name)
在上面的hashlib代码中,你有这个:
def __get_builtin_constructor(name):
cache = __builtin_constructor_cache
...
elif name in {'MD5', 'md5'}:
import _md5
cache['MD5'] = cache['md5'] = _md5.md5
But md5is not in __block_openssl_constructor,因此该_hashlib/openssl版本优于该_md5/builtin版本:
REPL 中的确认:
>>> hashlib.md5
<built-in function openssl_md5>
>>> _md5.md5
<built-in function md5>
这些函数是 MD5 算法的不同实现,它们openssl_md5调用动态系统库。这就是为什么你有一些性能变化。第一个版本在https://github.com/python/cpython/blob/master/Modules/_hashopenssl.c中定义,另一个在https://github.com/python/cpython/blob/master/Modules/md5module .c,如果你想检查差异。
那为什么_md5.md5定义了函数但从未使用过?我想这个想法是确保某些算法始终可用,即使openssl不存在:
此模块中始终存在的哈希算法的构造函数是 sha1()、sha224()、sha256()、sha384()、sha512()、blake2b() 和 blake2s()。(https://docs.python.org/3/library/hashlib.html)
MMMHUHU
TA贡献1834条经验 获得超8个赞
我在 bugs.python.org 上环顾四周并阅读 cpython git 提交历史的理论:
cpython 在 2005 年切换到 openssl md5,因为它比内置实现更快。他们在 2007 年添加了一个新的内置实现,它比 openssl 更快,但从未切换回来。这两项更改均由 Gregory P. Smith 完成。
这是我的证据。
2005 年,Greg 创建了 bpo 问题“sha 和 md5 模块应尽可能使用 OpenSSL”。此提交中所做的更改。
2007 年,Greg 在此提交中添加了新的快速 md5 模块。
Python 3.8 中的
_md5实现似乎基本相同(我正在查看提交 ea316fd21527)
我认为 cpython 维护者可能会愿意切换回_md5它可用的时间,因为 openssl 实现更快不再是真的(过去 13 年可能是不真实的)。
添加回答
举报
0/150
提交
取消