[Python-ideas] Using sha512 instead of md5 on python.org/downloads

Steven D'Aprano steve at pearwood.info
Fri Dec 7 23:09:26 EST 2018

On Fri, Dec 07, 2018 at 04:35:56PM -0800, Nathaniel Smith wrote:
> On Fri, Dec 7, 2018 at 3:38 PM Steven D'Aprano <steve at pearwood.info> wrote:
> > On Fri, Dec 07, 2018 at 01:25:19PM -0800, Nathaniel Smith wrote:
> >
> > > For this specific purpose, md5 is just as good as a proper hash. But all
> > > else being equal, it would still be better to use a proper hash, just so
> > > people don't have to go through the whole security analysis to check
> > > that.
> >
> > I don't understand what you are trying to say here about "the whole
> > security analysis" to check "that". What security analysis, and
> > what is "that"?
> >
> The analysis that people posted in this thread, demonstrating that for the
> particular purpose at hand, md5 and sha-whatever are equally useful.

Okay, so your position is that even though there's no actual increase in 
security from using sha512, we ought to use it so that people who don't 
know any better won't complain that we're using a "less secure" hash. Is 
that accurate?

As security theatre goes, I guess its less harmful than most :-)

> If you're worried about giving people a false sense of security, I think it
> would be more effective to post a prominent notice or link describing how
> people should interpret the hashes.

I want to avoid encouraging a false sense of security. I'm not sure 
that we ought to extend that further to actively taking on the 
responsibility of teaching users about this.

On the other hand, perhaps threads like this suggest that this is 
inevitable... on the gripping hand, many users won't read the notice 
regardless of what we do...

How often does this issue come up? I'm not sure it is common enough to 
bother fixing, but others' judgement on that may differ.

> Maybe some people see md5 and think
> "ah-hah, this is their way of warning me that the hash is suitable for
> defending against accidental corruption but not malicious actors", but it
> must be a small minority :-). (That's certainly not what the OP thought.)

I didn't think they would.

> Most people will just think we're fools who don't realize or care md5 is
> broken. Statistically, that's a pretty reasonable guess when you see
> someone using md5.

I don't think there's any way to know for sure, but I'd be shocked if 
"most people" even thought about the issue, or checked the hash, 
regardless of whether it is sha512, md5 or a CRC checksum. In my 
experience, browsers and downloaders like wget either download the data 
correctly, or they make it damn obvious that the download failed. YMMV.

As for those who "think we're fools", that's not a reasonable guess by 
any means. Since we're not fools, and for the purposes we're using the 
hash there is no difference between md5 and sha512, such a guess would 
be a classic example of "a little knowledge is dangerous" and "not as 
clever or well-informed as you think you are" (that's a generic "you", 
not you personally). If they don't think we're fools for using md5, 
they'll probably think we're fools for some other reason.


More information about the Python-ideas mailing list