[Distutils] Proposal: drop md5 for sha256
Tarek Ziadé
tarek at ziade.org
Wed Jul 4 09:35:06 CEST 2012
On 7/4/12 2:50 AM, PJ Eby wrote:
> On Tue, Jul 3, 2012 at 7:33 PM, Jennings, Jared L CTR USAF AFMC 46
> SK/CCI <jared.jennings.ctr at eglin.af.mil
> <mailto:jared.jennings.ctr at eglin.af.mil>> wrote:
>
> On hosts configured for compliance with U.S. Federal Information
> Processing Standard (FIPS) 140-2
> <http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf>, like
> those in some banks and, yes, the U.S. Department of Defense,
> cryptographic modules (such as OpenSSL, which underlies hashlib)
> are not
> allowed to calculate MD5 digests, because MD5 is no longer a FIPS
> Approved digest algorithm.
>
>
> So if it's not a cryptographic module, it's okay? ;-)
>
> I know no one is trying here to lean on MD5 for security, but the
> standard says nothing about the reason why you're using MD5: just that
> you can't.
>
> No one expects a digest algorithm to fail, and Python 2.x may not have
> been fixed to check for that before being frozen
> <https://bugzilla.redhat.com/show_bug.cgi?id=746118#c3>, so if you run
> an MD5 checksum on a FIPS-compliant system with an unpatched
> Python 2.x,
> the Python interpreter will segfault. (Ruby, too, had this problem and
> was itself only recently fixed,
> <http://bugs.ruby-lang.org/issues/4944>.)
>
> I have to configure hosts in accordance with FIPS 140-2, so the more
> places I can get rid of MD5, the less headaches I have.
>
>
> If we replace it with something else, then I suggest we replace it
> with something that's even MORE braindead than md5 so that nobody will
> mistake it for a secure hash. Otherwise, we will have this exact same
> problem all over again when the replacement "secure" hash is disabled
> by a newer version of FIPS.
>
> The other option is simply to forego a checksum altogether and assume
> same size = same file. Honestly, I don't remember why we cared about
> detecting such modifications in the first place: neither PEP 376 nor
> 262 explain why, and 376 doesn't explain why it went with md5 instead
> of sha1 (as in PEP 262).
I wanted to be able to offer a way for installers to detect that a file
was changed to avoid deleting it for instance, and issue a warning to
the user -- or maybe give a chance to the installer to save a copy of
the file somewhere.
I picked md5 because I wanted it brain dead and could not imagine that
would be an issue somehow. Maybe zlib.crc32 would be a better choice.
If we remove the hash, oh well. no big deal I guess. If an installer
wants to add this feature it can maintain hashes itself.
>
>
>
> _______________________________________________
> Distutils-SIG maillist - Distutils-SIG at python.org
> http://mail.python.org/mailman/listinfo/distutils-sig
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20120704/2af27806/attachment.html>
More information about the Distutils-SIG
mailing list