[Catalog-sig] hash tags

PJ Eby pje at telecommunity.com
Fri Mar 8 22:12:05 CET 2013

On Fri, Mar 8, 2013 at 2:52 PM, Noah Kantrowitz <noah at coderanger.net> wrote:
> MD5 is _not_ acceptable for anything security related and we shouldn't be adding anything that increases our dependence on it. MD5's only use in the packaging world is to make people who forget that TCP has its own checksums feel all warm and fuzzy that there hasn't been _accidental_ download corruption.

So, you're saying that someone has found a second-preimage attack
against MD5 that's more efficient than the current 2**127 threshold
established in 2009?

"Anything security related" is pretty broad.  Out of the many classes
of attacks on hashes, AFAIK the only class that's relevant to PyPI is
second preimage attacks,  i.e. one where the attacker has the original
file and the hash, and must construct a new file that produces the
same hash value.

Did you have some other type of hash attack in mind?  And in either
case, do you have a referent for the attack complexity?

More information about the Catalog-SIG mailing list