{"id":8616,"library":"safe-pysha3","title":"SHA-3 (Keccak) for Python","description":"safe-pysha3 is an actively maintained fork of `pysha3`, providing SHA-3 (Keccak) hashing functionalities for Python versions 3.9 to 3.13. It wraps the optimized Keccak Code Package, offering FIPS202-compliant SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256, and pre-NIST Keccak hashes. This library ensures compatibility with modern Python versions and incorporates critical security fixes.","status":"active","version":"1.0.5","language":"en","source_language":"en","source_url":"https://github.com/5afe/pysha3","tags":["cryptography","sha3","keccak","hash","security","fips202"],"install":[{"cmd":"pip install safe-pysha3","lang":"bash","label":"Install latest version"}],"dependencies":[],"imports":[{"note":"For Python 3.6+, SHA-3 functions are integrated into `hashlib`. `safe-pysha3` monkey-patches `hashlib` upon import, making the standard `hashlib` interface the preferred and most compatible way to access SHA-3 algorithms. Direct `sha3` module access is mostly for internal use or older Python versions.","wrong":"import sha3\nsha3.SHA3_256()","symbol":"hashlib.sha3_256","correct":"import hashlib\nhashlib.sha3_256"},{"note":"Use `keccak_xxx` functions for the original Keccak (pre-NIST standard) hash if specific compatibility with older implementations is required.","symbol":"keccak_256","correct":"from sha3 import keccak_256"}],"quickstart":{"code":"import hashlib\n\ndata = b\"Hello, safe-pysha3!\"\n\n# Calculate SHA3-256 hash\nsha3_256_hasher = hashlib.sha3_256()\nsha3_256_hasher.update(data)\nprint(f\"SHA3-256: {sha3_256_hasher.hexdigest()}\")\n\n# Calculate SHAKE-128 hash with 32-byte output\nshake_128_hasher = hashlib.shake_128()\nshake_128_hasher.update(data)\nprint(f\"SHAKE-128 (32 bytes): {shake_128_hasher.hexdigest(32)}\")\n\n# Accessing a pre-NIST Keccak hash directly from sha3 module (if needed)\nfrom sha3 import keccak_512\nkeccak_512_hasher = keccak_512()\nkeccak_512_hasher.update(data)\nprint(f\"Keccak-512: {keccak_512_hasher.hexdigest()}\")","lang":"python","description":"This quickstart demonstrates how to calculate SHA3-256 and SHAKE-128 hashes using the standard `hashlib` interface, which `safe-pysha3` extends. It also shows how to access the `keccak_512` function directly for pre-NIST Keccak hashes."},"warnings":[{"fix":"Upgrade to `safe-pysha3`. For FIPS202-compliant SHA-3, use `hashlib.sha3_xxx()`. If the pre-NIST Keccak hash is specifically required, use the `keccak_xxx()` functions provided by `safe-pysha3`'s `sha3` module.","message":"The `pysha3` library version 1.0 (and `safe-pysha3`) is not compatible with `pysha3` versions older than 1.0 regarding standard SHA-3 output. The NIST finalization of SHA-3 changed the delimiter suffix from 0x01 to 0x06, meaning hashes generated by older versions for 'SHA-3' will differ from current FIPS202-compliant versions.","severity":"breaking","affected_versions":"All versions of `pysha3` < 1.0; migration to `safe-pysha3` from these old versions."},{"fix":"Ensure you are using `safe-pysha3` version 1.0.4 or newer. This version specifically includes the fix for CVE-2022-37454.","message":"A critical buffer overflow vulnerability (CVE-2022-37454) was present in the underlying Keccak XKCP SHA-3 reference implementation used by `pysha3` and early `safe-pysha3` versions. This flaw could lead to arbitrary code execution or compromise cryptographic properties.","severity":"breaking","affected_versions":"All `pysha3` versions prior to `safe-pysha3` v1.0.4."},{"fix":"Migrate to `safe-pysha3` for continued support, bug fixes, and compatibility with newer Python versions (3.9-3.13).","message":"The original `pysha3` package has reached its end of life and is no longer supported, as SHA-3 functionality was merged into Python's standard `hashlib` module in Python 3.6. Using the unmaintained `pysha3` can lead to installation issues and security vulnerabilities.","severity":"deprecated","affected_versions":"Original `pysha3` library, especially on Python 3.6+."}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Install `safe-pysha3` instead, which is actively maintained and provides compatible wheels for modern Python versions: `pip install safe-pysha3`. If a wheel is not available for your specific platform/Python version, ensure you have a C compiler installed.","cause":"This error typically occurs when attempting to install the unmaintained `pysha3` package on newer Python versions (e.g., Python 3.11+), as it lacks pre-built wheels and its `setup.py` may fail compilation without specific C build tools or for incompatibility reasons.","error":"ERROR: Failed building wheel for pysha3"},{"fix":"Confirm whether you need FIPS202-compliant SHA-3 or the older Keccak variant. If FIPS202 SHA-3, upgrade to `safe-pysha3` and use `hashlib.sha3_xxx()`. If the older Keccak is intentionally desired, use the `keccak_xxx()` functions from `safe-pysha3`'s `sha3` module.","cause":"This is often due to the historical change in the SHA-3 standard's padding delimiter. Older `pysha3` versions (<1.0) implemented the pre-NIST Keccak standard, which produces different hashes for 'SHA-3' than the final FIPS202 standard.","error":"Hash outputs do not match between different SHA-3 implementations or versions."}]}