[Distutils] a plea for backward-compatibility / smooth transitions
zooko
zooko at zooko.com
Mon Jul 29 23:04:48 CEST 2013
On Mon, Jul 29, 2013 at 04:33:11PM -0400, Donald Stufft wrote:
>
> Somewhat relevant to the question at hand: http://valerieaurora.org/hash.html
Heh heh. That page is cited in my note. My note is kind of a response to that
page, showing that the history of pre-image attacks is completely different
than the history of collision attacks.
> (Yes it lists sha-2 as weakened, which it is. However sha-3 isn't widespread
> enough for us :( )
There's no reason to worry about SHA-2. In my opinion, there's no particular
reason to think that it will be made vulnerable to collisions within the next
decade!
By the way, I'm a co-author of a secure hash function -- BLAKE2:
https://blake2.net/
The intent of BLAKE2 is to be as secure as SHA-3 but as fast as MD5. Not only
is it as fast as MD5, but it also has an optional parallel mode that can go 4
or 8 times as fast as MD5 by using 4 or 8 CPU cores!
It is currently being adopted for uses like data deduplication, archiving, and
distributed filesystems, where the data can be large (terabytes or more), and
the performance of the hash function is a bottleneck.
I don't think Python packaging has such needs, and BLAKE2 is not a standard
like SHA-2 and SHA-3, so I'm not pushing to add support for it.
Regards,
Zooko
More information about the Distutils-SIG
mailing list