[issue4858] Deprecation of MD5
Marc-Andre Lemburg
report at bugs.python.org
Tue Jan 6 21:17:53 CET 2009
Marc-Andre Lemburg <mal at egenix.com> added the comment:
On 2009-01-06 21:06, Lukas Lueg wrote:
> MD5 is one of the most popular cryptographic hash-functions around,
> mainly for it's good performance and availability throughout
> applications and libraries. The MD5 algorithm is currently implemented
> in python as part of the hashlib-module and (in more general terms) as
> part of SSL in the ssl-module. However, concerns about the security of
> MD5 have risen during the last few years. In 2007 a practical attack to
> create collisions in the compression-function has been released and on
> 12/31/2008 US-CERT issued a note to warn about the general insecurity of
> MD5 (http://www.kb.cert.org/vuls/id/836068).
>
>
> I propose and strongly suggest to start deprecate direct support for MD5
> during this year and completly remove support for it afterwards.
A strong -1 on that idea.
MD5 is in wide-spread use as hash function. It can no longer
be considered a cryptographic hash function, but still serves its
purpose as fast, easy to use general purpose hash function well.
Removing it from Python would cripple Python for no apparent reason.
----------
nosy: +lemburg
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue4858>
_______________________________________
More information about the Python-bugs-list
mailing list