On Mar 8, 2013, at 4:12 PM, PJ Eby <p...@telecommunity.com> wrote:

> On Fri, Mar 8, 2013 at 2:52 PM, Noah Kantrowitz <n...@coderanger.net> wrote:
>> MD5 is _not_ acceptable for anything security related and we shouldn't be 
>> adding anything that increases our dependence on it. MD5's only use in the 
>> packaging world is to make people who forget that TCP has its own checksums 
>> feel all warm and fuzzy that there hasn't been _accidental_ download 
>> corruption.
> 
> So, you're saying that someone has found a second-preimage attack
> against MD5 that's more efficient than the current 2**127 threshold
> established in 2009?
> 
> "Anything security related" is pretty broad.  Out of the many classes
> of attacks on hashes, AFAIK the only class that's relevant to PyPI is
> second preimage attacks,  i.e. one where the attacker has the original
> file and the hash, and must construct a new file that produces the
> same hash value.
> 
> Did you have some other type of hash attack in mind?  And in either
> case, do you have a referent for the attack complexity?
> _______________________________________________
> Catalog-SIG mailing list
> Catalog-SIG@python.org
> http://mail.python.org/mailman/listinfo/catalog-sig

Here's some more information pulled straight from Wikipedia:

However, it has since been shown that MD5 is not collision resistant;[3] as 
such, MD5 is not suitable for applications like SSL certificates or digital 
signatures that rely on this property. In 1996, a flaw was found with the 
design of MD5, and while it was not a clearly fatal weakness, cryptographers 
began recommending the use of other algorithms, such as SHA-1—which has since 
been found to be vulnerable as well. In 2004, more serious flaws were 
discovered in MD5, making further use of the algorithm for security purposes 
questionable—specifically, a group of researchers described how to create a 
pair of files that share the same MD5 checksum.[4][5] Further advances were 
made in breaking MD5 in 2005, 2006, and 2007.[6] In December 2008, a group of 
researchers used this technique to fake SSL certificate validity,[7][8] and CMU 
Software Engineering Institute now says that MD5 "should be considered 
cryptographically broken and unsuitable for further use",[9] and most U.S. 
government applications now require the SHA-2 family of hash functions.[10]

Here are the important highlights:

    - specifically, a group of researchers described how to create a pair of 
files that share the same MD5 checksum
    - MD5 "should be considered cryptographically broken and unsuitable for 
further use"


-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

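As an added illustration (not code from the thread, and not PyPI's own code) of what "a pair of files that share the same MD5 checksum" means in practice: the two 128-byte blocks below are the published Wang et al. MD5 collision pair as reproduced on the Wikipedia "MD5" article. The file name, the appended payload and the checksum registry are constructed for the example. It shows the collision scenario only, where the same party supplies both variants of a file and an index records the digest of the first; it does not demonstrate a second-preimage attack against an existing file.

```python
import hashlib
import hmac

# Published Wang et al. MD5 collision pair (from the Wikipedia "MD5" article).
# The two blocks differ in six bytes, each by 0x80.
BLOCK_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
BLOCK_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)


def digest_hex(data: bytes, algorithm: str) -> str:
    """Hex digest of data under a hashlib algorithm name ("md5", "sha256", ...)."""
    return hashlib.new(algorithm, data).hexdigest()


def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte positions at which two equal-length byte strings differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def is_md5_collision(a: bytes, b: bytes) -> bool:
    """True when a and b are distinct inputs with the same MD5 digest."""
    return a != b and digest_hex(a, "md5") == digest_hex(b, "md5")


def extend_both(suffix: bytes):
    """Append the same suffix to both colliding blocks.

    MD5 is a Merkle-Damgard construction: once two prefixes reach the same
    internal state, any common suffix keeps them colliding.  That is what turns
    two random-looking blocks into two usable files: the suffix can be a body
    that inspects the differing bytes and behaves differently behind each one.
    """
    return BLOCK_A + suffix, BLOCK_B + suffix


# Constructed stand-in for an index's checksum registry: file name -> the
# (algorithm, digest) recorded when the uploader supplied the file.
def register(registry: dict, name: str, data: bytes, algorithm: str) -> None:
    registry[name] = (algorithm, digest_hex(data, algorithm))


def verify_download(registry: dict, name: str, data: bytes) -> bool:
    """Does the served file match the digest the index recorded for it?"""
    algorithm, expected = registry[name]
    return hmac.compare_digest(expected, digest_hex(data, algorithm))


def swap_attack_succeeds(algorithm: str) -> bool:
    """Simulate an uploader who controls both variants of a file.

    The first variant is registered with the index; the second, which shares
    the first's MD5, is served later.  Returns True when verification still
    passes, i.e. the checksum did not detect the swap.
    """
    # Constructed common suffix standing in for the real file body.
    payload = b"\n# common suffix appended to both variants\n"
    variant_1, variant_2 = extend_both(payload)
    registry = {}
    register(registry, "example-1.0.tar.gz", variant_1, algorithm)
    return verify_download(registry, "example-1.0.tar.gz", variant_2)


if __name__ == "__main__":
    print("blocks differ at byte offsets:", differing_offsets(BLOCK_A, BLOCK_B))
    print("md5 collision:", is_md5_collision(BLOCK_A, BLOCK_B))
    for algo in ("md5", "sha256"):
        print(f"swap passes {algo} verification:", swap_attack_succeeds(algo))
```

Under the md5 registry the served variant passes verification even though it is not the file that was registered; under sha256 it is rejected. This is the attack class the Wikipedia excerpt describes (the same party produces both files), as distinct from the second-preimage case where the attacker must match a file they did not choose.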