[Catalog-sig] hash tags
donald at stufft.io
Fri Mar 8 22:26:07 CET 2013
On Mar 8, 2013, at 4:12 PM, PJ Eby <pje at telecommunity.com> wrote:
> On Fri, Mar 8, 2013 at 2:52 PM, Noah Kantrowitz <noah at coderanger.net> wrote:
>> MD5 is _not_ acceptable for anything security related and we shouldn't be adding anything that increases our dependence on it. MD5's only use in the packaging world is to make people who forget that TCP has its own checksums feel all warm and fuzzy that there hasn't been _accidental_ download corruption.
> So, you're saying that someone has found a second-preimage attack
> against MD5 that's more efficient than the current 2**127 threshold
> established in 2009?
> "Anything security related" is pretty broad. Out of the many classes
> of attacks on hashes, AFAIK the only class that's relevant to PyPI is
> second preimage attacks, i.e. one where the attacker has the original
> file and the hash, and must construct a new file that produces the
> same hash value.
Relevant to PyPI is pretty broad, and when you're developing a secure system you need to look past what is ok *today* and design for the next 5, 10, or 20 years. So even if there's no attack that can directly allow replacing the target file with a new one, continuing to utilize it is bad. It has a number of weaknesses which do not instill confidence in its future security; meanwhile, there are a number of other hashes which _do_.
Unless you'd rather be trying to replace hashes everywhere once it's already completely broken.
> Did you have some other type of hash attack in mind? And in either
> case, do you have a referent for the attack complexity?
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
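
An added example, not part of the original message and not PyPI's or any installer's own code: one way a download client can keep the hash algorithm swappable, so that retiring a weak hash is a policy change rather than a rewrite. It assumes hash tags take the form `#<algorithm>=<hexdigest>` in the file URL fragment; the URL, the policy tuple and the function names are hypothetical.

```python
import hashlib
from urllib.parse import urlsplit

# Policy (assumption for this example): algorithms the client will accept.
# md5 is deliberately absent; retiring an algorithm means editing this tuple.
ALLOWED = ("sha512", "sha384", "sha256")


class HashPolicyError(ValueError):
    """Raised when a hash tag is missing, malformed, or outside policy."""


def parse_hash_tag(url):
    """Return (algorithm, hex_digest) from a '#<algo>=<hex>' URL fragment."""
    fragment = urlsplit(url).fragment
    algo, sep, digest = fragment.partition("=")
    if not sep or not algo or not digest:
        raise HashPolicyError("no hash tag in URL fragment")
    return algo.lower(), digest.lower()


def verify_download(url, data, allowed=ALLOWED):
    """Check data against the URL's hash tag; refuse algorithms outside policy.

    Returns True on a digest match and False on a mismatch. A tag that uses a
    disallowed algorithm raises instead of returning False, so callers cannot
    mistake "weak hash matched" for "verified".
    """
    algo, expected = parse_hash_tag(url)
    if algo not in allowed:
        raise HashPolicyError(f"hash algorithm {algo!r} not permitted by policy")
    return hashlib.new(algo, data).hexdigest() == expected


if __name__ == "__main__":
    # Constructed sample input: a fake archive body and a fake index URL.
    body = b"constructed sample archive bytes"
    base = "https://example.invalid/pkg-1.0.tar.gz"
    good = f"{base}#sha256={hashlib.sha256(body).hexdigest()}"
    print("intact file:", verify_download(good, body))
    print("modified file:", verify_download(good, body + b"!"))
    try:
        verify_download(f"{base}#md5={'0' * 32}", body)
    except HashPolicyError as exc:
        print("rejected:", exc)
```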