[New-bugs-announce] [issue4858] Deprecation of MD5

Lukas Lueg report at bugs.python.org
Tue Jan 6 21:06:16 CET 2009

New submission from Lukas Lueg <knabberknusperhaus at yahoo.de>:

MD5 is one of the most popular cryptographic hash-functions around,
mainly for it's good performance and availability throughout
applications and libraries. The MD5 algorithm is currently implemented
in python as part of the hashlib-module and (in more general terms) as
part of SSL in the ssl-module. However, concerns about the security of
MD5 have risen during the last few years. In 2007 a practical attack to
create collisions in the compression-function has been released and on
12/31/2008 US-CERT issued a note to warn about the general insecurity of
MD5 (http://www.kb.cert.org/vuls/id/836068).

I propose and strongly suggest to start deprecate direct support for MD5
during this year and completly remove support for it afterwards.

 * MD5 is a cryptographic hash function, it's reason for being is
security. By means of current hardware and attack vectors it's a matter
of hours to create collisions and fool MD5 hashes. The reason for being
has come to an end.
 * Python runs an uncountable number of exposed user interfaces on the
web. Usually the programmers rely on the security of the backing
libraries. Python can't provide this with MD5.
 * The functionality of MD5 can be easily replaced by using other hashes
that are supported by python (e.g. SHA1). They supply compareable
performance but are not binary-compatible (yay).
 * Programmers use MD5 in python without the need for it's cryptographic
attributes (e.g. creating unique indexes). Keeping MD5 for this use
however devaluates overall security of python for the good of few.

I'd like to start a discussion about this. Please keep in mind that -
although MD5 is currently still very popular and python's support for it
is justifed by demand - it's existence will come to an end soon.

We should now act and give people time to update their implementations. 

In a rough cut:

 - Patch haslib to throw a DeprecationWarning, starting during the first
half of 2009.
 - Update documentation not to use MD5 for security reasons
 - Remove MD5 from python in 2010.
 - Keep accordance to PEP 4

Goodbye MD5 and thanks for all the fish.

components: Extension Modules
messages: 79281
nosy: ebfe
severity: normal
status: open
title: Deprecation of MD5
versions: Python 2.7, Python 3.1

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list