[Distutils] Proposal: drop md5 for sha256

Jeroen Dekkers jeroen at dekkers.ch
Tue Jul 3 14:48:35 CEST 2012


At Tue, 3 Jul 2012 07:14:43 -0400,
Daniel Holth wrote:
> It's embarrassing to see md5 used for any reason. You go to pypi, and
> every download link has an md5 sum of the package, and you think "what
> is this archaic system that gives me a useless hash, implicated in
> such fine situations as the Flame malware and ever-improving attacks
> against md5?" It is irrelevant that it is "probably good enough for
> this limited use". You might as well use CRC32; it is much shorter.

Yes, you're right, PyPI could just as well use CRC32. From a security
perspective nothing would change, nor would it if we switched to sha512,
because there is no way to know whether the hash is correct. Without a
trust path the hash is pretty useless except for verifying that the
download isn't corrupted.

And even if we had trust paths, the md5 attacks are collision
attacks, not preimage attacks. That means the security threat you're
worrying about is that a developer uploads something to PyPI with the
intention of replacing that with something else with the same hash
without anyone noticing. And although it is worthwhile to protect
against such kinds of things, you should also ask the question why
you're running code from such a developer.

And yes, attacks on md5 will only get better, so we should migrate to
better hashes in the future. But if there is something to be
embarrassed about, it's not the use of md5, but the lack of proper
code signing and trust paths between developers.


Kind regards,

Jeroen Dekkers
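
The point made in the message above about trust paths, as an added example that is not part of the original post: a checksum served next to the file catches corruption with any algorithm, but says nothing when the file and checksum are replaced together. The `serve` response format, the sample file contents and the out-of-band pinned SHA-256 (a stand-in for a real trust path such as a signature) are assumptions constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed sample data: an index serving a file and its checksum over one channel.
ORIGINAL = b"print('hello from example-pkg 1.0')\n"
REPLACED = b"print('different contents')\n"

def digest(algo, data):
    """Hex checksum of data; 'crc32' is handled via zlib, the rest via hashlib."""
    if algo == "crc32":
        return format(zlib.crc32(data) & 0xFFFFFFFF, "08x")
    return hashlib.new(algo, data).hexdigest()

def serve(data, algo):
    """Hypothetical index response: file plus checksum, both from the same source."""
    return {"file": data, "algo": algo, "checksum": digest(algo, data)}

def check_served(resp):
    """All a client can do without a trust path: compare file to served checksum."""
    return hmac.compare_digest(digest(resp["algo"], resp["file"]), resp["checksum"])

def check_pinned(resp, pinned_sha256):
    """Compare against a digest obtained out of band (assumed trusted)."""
    return hmac.compare_digest(digest("sha256", resp["file"]), pinned_sha256)

def corrupt(resp):
    """Accidental corruption: the file bytes change, the served checksum does not."""
    return dict(resp, file=resp["file"][:-1] + b"?")

def results():
    pinned = digest("sha256", ORIGINAL)  # recorded earlier through a trusted channel
    out = {}
    for algo in ("crc32", "md5", "sha512"):
        swapped = serve(REPLACED, algo)  # file and checksum replaced together
        out[algo] = {
            "corruption_detected": not check_served(corrupt(serve(ORIGINAL, algo))),
            "replacement_detected_by_served": not check_served(swapped),
            "replacement_detected_by_pinned": not check_pinned(swapped, pinned),
        }
    return out

if __name__ == "__main__":
    for algo, row in results().items():
        print(algo, row)
```

The three algorithms produce identical rows: only the comparison against a value with independent provenance notices the replacement.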

