On Fri, Jul 26, 2013 at 12:25:36PM -0400, Donald Stufft wrote: > PyPI has historically used MD5 in order to verify the downloads. However MD5 > is severely broken and is generally regarded as something that should be > migrated away from ASAP. From speaking with a number of cryptographers > they've more or less said that the major reason they believe that MD5 hasn't > had a published pre-image attack is just because it's so broken that most > researchers have moved on to newer hashes.
Who said that? That contradicts my beliefs. Thanks! Regards, Zooko _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig
