[Python-ideas] Using sha512 instead of md5 on python.org/downloads
Gregory P. Smith
greg at krypto.org
Fri Dec 7 23:55:53 EST 2018
On Fri, Dec 7, 2018 at 3:38 PM Steven D'Aprano <steve at pearwood.info> wrote:
> On Fri, Dec 07, 2018 at 01:25:19PM -0800, Nathaniel Smith wrote:
> > For this specific purpose, md5 is just as good as a proper hash. But all
> > else being equal, it would still be better to use a proper hash, just so
> > people don't have to go through the whole security analysis to check
> I don't understand what you are trying to say here about "the whole
> security analysis" to check "that". What security analysis, and
> what is "that"?
> It seems to me that moving to a cryptographically-secure hash would give
> many people a false sense of security, that just because the hash
> matched, the download was not only not corrupted, but not compromised as
> well. For those two purposes:
> - testing for accidental corruption;
> - testing for deliberate compromise;
> md5 and sha512 are precisely equivalent: both are sufficient for the
> first, and useless for the second. But a crypto-hash can give a false
> sense of security. The original post in this thread is evidence of that.
> As such, I don't think we should move to anything stronger than md5.
If we switched to sha2+ or listed 8 different hashes at once in the
announcement text so that nobody can find the actual link content, we'd
stop having people pipe up and complain that we used md5 for something.
Fewer mailing list threads like this one seem like a benefit. :P
Debian provides all of the popular FIPS hashes, in side files, so people
can use whatever floats their boat for a content integrity check:
From a semi-security perspective without verifying gpg signatures, listing
a currently collision-resistant hash (sha2 onwards today) in a widely
disseminated release announcement that goes on mailing lists and gets
forwarded and reposted in many places is still useful. Being not hosted in
a single central place, if the downloads and hashes on the main servers
change *after* their computation, publishing, and announcement - it serves
as a widely distributed question mark. A pointless one, as the gpg
signature also exists, but it is one nonetheless.
As to Windows and Mac providing hashing functions on the command line,
nope. Assume nothing is provided. On Linux my fingers would use "openssl
hashname" rather than *sum commands. But none of those are ever required
to be installed by anything. The only people who ever check hashes are
those who already know what tools to use and how. Some could ironically
install the downloaded Python and use it to check its own hash. None of
that is our problem.
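The Debian-style checksum side files and the idea of using the freshly installed Python to check a download's own hash, as an added example that is not from this thread or from python.org: a standard-library-only verifier for `<hex>  <filename>` lines as written by md5sum/sha512sum. File names and contents in `demo()` are constructed; as the thread says, a match shows file and published list agree, which catches corruption but says nothing about whether either came from the real publisher.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> hashlib name, for MD5SUMS / SHA256SUMS / SHA512SUMS side files.
ALGORITHM_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

def file_digest(path, algorithm, chunk_size=1 << 20):
    """Hash a file in chunks so a large installer need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_sums(text):
    """Yield (hex, name) from '<hex>  <name>' lines; '*name' marks binary mode."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            expected, _, name = line.strip().partition("  ")
            yield expected.lower(), name.strip().lstrip("*")

def verify(sums_text, directory):
    """Map each listed name to ok / mismatch / missing / unknown-algorithm.
    A mismatch proves the bytes differ from what was published; a match only
    proves file and list agree, not that either came from the real publisher."""
    results = {}
    for expected, name in parse_sums(sums_text):
        algorithm = ALGORITHM_BY_HEX_LEN.get(len(expected))
        path = os.path.join(directory, name)
        if algorithm is None:
            results[name] = "unknown-algorithm"
        elif not os.path.isfile(path):
            results[name] = "missing"
        elif hmac.compare_digest(file_digest(path, algorithm), expected):
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results

def demo():
    """Constructed sample: one matching file, one corrupted, one missing."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in [("python-release.tgz", b"constructed tarball\n"),
                           ("python-installer.exe", b"one byte flipped\n")]:
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        sums = (file_digest(os.path.join(d, "python-release.tgz"), "sha512")
                + "  python-release.tgz\n" + "0" * 128 + "  python-installer.exe\n"
                + "d41d8cd98f00b204e9800998ecf8427e  *python-installer.pkg\n")
        return verify(sums, d)
```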