[Distutils] Migrating Hashes from MD5 to SHA256
christian at python.org
Fri Jul 26 21:24:59 CEST 2013
On 26.07.2013 18:25, Donald Stufft wrote:
> PyPI has historically used MD5 in order to verify the downloads.
> However MD5 is severely broken and is generally regarded as
> something that should be migrated away from ASAP. From speaking
> with a number of cryptographers they've more or less said that the
> major reason they believe that MD5 hasn't had a published pre-image
> attack is just because it's so broken that most researchers have
> moved on to newer hashes.
> Since versions 1.2 pip has supported md5, sha1, and any of the sha2
> family. Additionally it has only supported SSL verification since
> 1.3. This means there is no version of pip which both verifies SSL
> and only allows MD5.
> Since version 0.9 setuptools has supported md5, sha1, and any of
> the sha2 family and it has only supported SSL verification since
> I propose we switch PyPI from using MD5 to using SHA256. There is
> no security lost from using a hash that pip prior to version 1.2
> doesn't understand as it didn't verify SSL so an attacker could
> simply modify the hashes if they wanted. Additionally there is no
> security lost from setuptools versions earlier than 0.7.
A couple of months ago I suggested a schema that includes MD5, SHA-2
and file size:
That should work for old versions of setuptools and can easily be
supported in new versions of pip and setuptools.
A new hash sum scheme must include the possibility to add multiple and
new hash algorithms. A download tool shall check the hash sum for all
supported algorithms, too. I would also like to see the file size in the
scheme. It's useful to know the file size in preparation for the
download. The file size validation mitigates some attack possibilities.
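As an added illustration of the kind of scheme discussed in this thread (a multi-hash fragment that also carries the file size, where a client verifies every algorithm it understands and skips the ones it does not), here is a small Python example. It is not the schema Christian refers to, which does not appear on the page, nor code from pip, setuptools or PyPI; the `md5=...&sha256=...&size=...` fragment layout, the function names and the sample bytes are assumptions for illustration.

```python
import hashlib
from urllib.parse import urlsplit, parse_qsl

# Hash algorithms this (hypothetical) client is willing to verify.
# An older client would list only "md5"; a newer one can add algorithms
# without the server-side format having to change.
SUPPORTED = ("md5", "sha1", "sha256", "sha512")


def make_url(base, data, algs=("md5", "sha256"), with_size=True):
    """Publisher side: build a download URL whose fragment carries one
    digest per algorithm plus the file size (assumed layout)."""
    parts = [f"{alg}={hashlib.new(alg, data).hexdigest()}" for alg in algs]
    if with_size:
        parts.append(f"size={len(data)}")
    return base + "#" + "&".join(parts)


def parse_fragment(url):
    """Return {"hashes": {alg: hexdigest}, "size": int or None}.
    Unknown keys are kept as hash entries so a client can decide later
    whether it supports them; a non-numeric size can never match."""
    hashes = {}
    size = None
    for key, value in parse_qsl(urlsplit(url).fragment):
        key = key.lower()
        if key == "size":
            size = int(value) if value.isdigit() else -1
        else:
            hashes[key] = value.lower()
    return {"hashes": hashes, "size": size}


def verify(data, url):
    """Client side: the size (if present) and *every* supported digest in
    the fragment must match. Unsupported algorithms are ignored, but at
    least one supported digest has to be present, otherwise nothing was
    actually verified."""
    spec = parse_fragment(url)
    if spec["size"] is not None and len(data) != spec["size"]:
        return False, "size mismatch"
    checked = 0
    for alg, expected in spec["hashes"].items():
        if alg not in SUPPORTED:
            continue  # newer algorithm this client does not know; skip
        if hashlib.new(alg, data).hexdigest() != expected:
            return False, f"{alg} mismatch"
        checked += 1
    if checked == 0:
        return False, "no supported hash present"
    return True, "ok"


if __name__ == "__main__":
    sample = b"abc"  # constructed stand-in for a downloaded sdist
    url = make_url("https://example.invalid/pkg-1.0.tar.gz", sample)
    print(url)
    print(verify(sample, url))
    print(verify(sample + b"x", url))
```

Checking the size first is cheap and rejects a padded or truncated file before any digest is computed; requiring all supported digests to match means a client that understands SHA-256 gets the stronger check even though the same fragment still serves an MD5-only client.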