[Python-ideas] Using sha512 instead of md5 on python.org/downloads
songofacandy at gmail.com
Fri Dec 7 21:05:43 EST 2018
> It seems to me that moving to a cryptographically-secure hash would give
> many people a false sense of security, that just because the hash
> matched, the download was not only not corrupted, but not compromised as
> well. For those two purposes:
> - testing for accidental corruption;
> - testing for deliberate compromise;
> md5 and sha512 are precisely equivalent: both are sufficient for the
> first, and useless for the second. But a crypto-hash can give a false
> sense of security. The original post in this thread is evidence of that.
> As such, I don't think we should move to anything stronger than md5.
We already use SHA256 on PyPI.
Many project in the world moving from md5 to SHA256.
And at some time, SHA256 can be better than md5.
When hash is delivered through other route than content, it's difficult
to attack / easy to detect we're under attack.
For example, sha256 is written in requirements.txt or Homebrew formula.
When hash mismatch is happened, we can detect something go wrong.
So it's worth to write stronger hash in such files.
And if we use sha256 on download site, it's easy to check hash equality
between formula and download site. If it's different, Homebrew or download
site is under attack.
So I think it's worth enough to moving to stronger and more used hash.
(And by this reason, I prefer sha256 to sha512 for now.)
INADA Naoki <songofacandy at gmail.com>
More information about the Python-ideas