Folks:

dstufft already correctly explained that relying on MD5 allows for "doppelganger" packages -- two (or more) packages which are engineered at birth to have the same hash as each other. It isn't clear to me that this can be used for evil, but it isn't obvious that it *can't* be used for evil, either. So it would certainly be helpful to upgrade the hash function so that we don't have to think about that anymore, but in my opinion it is not an emergency.

I'd like to push back on the other risk, that someone might figure out how to make MD5 second-pre-images. I don't think this is a risk that we need to urgently address, and I've written a short note explaining why. This note is incomplete, badly edited, has not been peer-reviewed, and is not ready for publication, but I thought it might help folks evaluate how urgent it is to upgrade from MD5, so here it is.

Regards,

Zooko