[Distutils] Migrating Hashes from MD5 to SHA256

Donald Stufft donald at stufft.io
Sat Jul 27 03:29:06 CEST 2013 

On Jul 26, 2013, at 8:55 PM, zooko <zooko at zooko.com> wrote:

> On Fri, Jul 26, 2013 at 12:25:36PM -0400, Donald Stufft wrote:
>> PyPI has historically used MD5 in order to verify the downloads. However MD5 is severely broken and is generally regarded as something that should be migrated away from ASAP. From speaking with a number of cryptographers they've more or less said that the major reason they believe that MD5 hasn't had a published pre-image attack is just because it's so broken that most researchers have moved on to newer hashes.
> 
> Who said that? That contradicts my beliefs.
> 

It's possible I misunderstood the exact implications of what they were
saying. I am not a cryptographer and it was a month or two ago we
spoke. It was stressed to me that PyPI should be moving off of MD5.

I do believe however that we don't know for sure if MD5 is going to be
have a practical pre-image attack tomorrow, or if it will last another 10
years. Given that all security systems are not infallible and are generally
designed so that you have margins of security so there is time to migrate.

The safety margins on MD5 have long since gone so by continuing to use
it we are ignoring prudence (especially at a fairly ideal time where we are
at a transitioning from unverified HTTPS/HTTP to HTTPS so we do not
need to regard backwards compatibility as highly). As far as I am aware
these attacks tend to come all of a sudden and without warning. I would
much rather have already migrated to something that still has it's safety
margins than be caught with our proverbial pants down and need to
scramble *if* an attack is discovered.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130726/623c12dc/attachment.pgp>

More information about the Distutils-SIG mailing list