[Python-ideas] Using sha512 instead of md5 on python.org/downloads

Miro Hrončok mhroncok at redhat.com
Fri Dec 7 03:53:04 EST 2018


I see md5 checksums at a release download page such as [1].

My idea is to switch to sha512 for a more reliable outcome.

I'm no security expert, but AFAK md5 is generally believed to be unsafe, 
as it was repeatedly proven it can be vulnerable [2].

[1] https://www.python.org/downloads/release/python-371/
[2] https://en.wikipedia.org/wiki/MD5#Security
Miro Hrončok
Phone: +420777974800
IRC: mhroncok

More information about the Python-ideas mailing list