[New-bugs-announce] [issue4858] Deprecation of MD5

"Martin v. Löwis" martin at v.loewis.de
Wed Jan 7 11:14:47 CET 2009


> I propose and strongly suggest to start deprecating direct support for MD5
> during this year and completely remove support for it afterwards.

-1. Stopping usage of md5 should be the user's choice, not Python's.

>  * MD5 is a cryptographic hash function, its reason for being is
> security. By means of current hardware and attack vectors it's a matter
> of hours to create collisions and fool MD5 hashes. The reason for being
> has come to an end.

I think you misunderstand the kind of problem that has been detected.
It is still *not* possible to produce a colliding text within
reasonable time, when given the md5 hash. So when md5 is used as the trap
function for password storage, its use remains perfectly safe.

Likewise, md5 is still well capable of detecting corruption of binary
files (e.g. during downloads), and will remain in use for this
application for many more years.

It is only in the context of digital signatures that the "chosen prefix"
attack can be demonstrated successfully.

>  * Python runs an uncountable number of exposed user interfaces on the
> web. Usually the programmers rely on the security of the backing
> libraries. Python can't provide this with MD5.

That's like saying "Mercedes drivers rely on efficient operation of the
motor. By putting water into the tank, the motor fails to deliver. So
let's put a ban on the usage of water in cars."

>  * The functionality of MD5 can be easily replaced by using other hashes
> that are supported by python (e.g. SHA1). They supply comparable
> performance but are not binary-compatible (yay).

In some cases, yes, replacement is easy. In other cases, replacement is
not so easy. For example, for password hashes, you cannot simply rehash
all passwords - because you typically don't know what they are.

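The migration problem raised above (stored MD5 password hashes cannot be rehashed because the plaintexts are unknown) is usually handled by upgrading each record at the moment the user next logs in, when the plaintext is briefly available. The following is an added example illustrating that approach with the standard library's hashlib; it is not code from this thread or from CPython, and the user store, the `verify_and_upgrade` function and the sample password are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed sample store: one legacy record holding a bare, unsalted MD5 hex digest,
# which is all the operator has (the plaintext password is not known to them).
def make_legacy_users() -> dict:
    return {"alice": {"scheme": "md5", "hash": hashlib.md5(b"correct horse").hexdigest()}}


def _pbkdf2(password: bytes, salt: bytes) -> str:
    # Salted, iterated PBKDF2-HMAC-SHA256; iteration count chosen for the example.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 200_000).hex()


def verify_and_upgrade(users: dict, username: str, password: str) -> bool:
    """Check a login against the stored record.

    If the record still uses the legacy MD5 scheme and the password is correct,
    the record is rewritten in place as salted PBKDF2-HMAC-SHA256, so the store
    migrates one user at a time without ever needing the plaintexts up front.
    """
    rec = users.get(username)
    if rec is None:
        return False
    pw = password.encode()

    if rec["scheme"] == "md5":
        # compare_digest avoids leaking where the digests differ via timing.
        ok = hmac.compare_digest(hashlib.md5(pw).hexdigest(), rec["hash"])
        if ok:
            salt = os.urandom(16)
            users[username] = {
                "scheme": "pbkdf2_sha256",
                "salt": salt.hex(),
                "hash": _pbkdf2(pw, salt),
            }
        return ok

    if rec["scheme"] == "pbkdf2_sha256":
        expected = _pbkdf2(pw, bytes.fromhex(rec["salt"]))
        return hmac.compare_digest(expected, rec["hash"])

    return False  # unknown scheme: refuse rather than guess
```

A wrong password never triggers the upgrade, so a still-unmigrated record is simply one whose owner has not logged in since the change.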