PEP 376

[Lie Ryan]

Joachim Strömbergson wrote:
> Aloha!
> 
> Tarek Ziadé wrote:
>> The prefix is a good idea but since it's just a checksum to control
>> that the file hasn't changed
>> what's wrong with using a weak hash algorithm like md5 or now sha1 ?
> 
> Because it creates a dependency to an old algorithm that should be
> deprecated. Also using MD5, even for a thing like this might make people
> belive that it is an ok algorithm to use - "Hey, it is used by the
> default install in Python, so it must be ok, right?"
> 
> If we flip the argument around: Why would you want to use MD5 instead of
> SHA-256? For the specific use case the performance will not (should not)
> be an issue.
> 
> As I wrote a few mails ago, it is time to move forward from MD5 and
> designing something in 2009 that will be around for many years that uses
> MD5 is (IMHO) a bad design decision.
> 
>> If someone wants to modify a file of a distribution he can recreate
>> the checksum as well,
>> the only secured way to prevent that would be to use gpg keys but
>> isn't that overkill for what we need ?
> 
> Actually, adding this type of security would IMHO be a good idea.
> 

Now, are we actually talking about security or checksum?

It has been known for years that MD5 is weak, weak, weak. Not just in
the recent years. But it doesn't matter since MD5 was never designed for
security, MD5 was designed to protect against random bits corruption. If
you want security, look at least to GPG. For data protection against
intentional, malicious forging, definitely MD5 is the wrong choice. But
when you just want a simple checksum to ensure that a faulty router
somewhere in the internet backbone doesn't destroying your data, MD5 is
a fine algorithm.