On Jul 26, 2013, at 8:55 PM, zooko <zo...@zooko.com> wrote:

> On Fri, Jul 26, 2013 at 12:25:36PM -0400, Donald Stufft wrote:
>> PyPI has historically used MD5 in order to verify the downloads. However MD5
>> is severely broken and is generally regarded as something that should be
>> migrated away from ASAP. From speaking with a number of cryptographers
>> they've more or less said that the major reason they believe that MD5 hasn't
>> had a published pre-image attack is just because it's so broken that most
>> researchers have moved on to newer hashes.
>
> Who said that? That contradicts my beliefs.
>
It's possible I misunderstood the exact implications of what they were saying. I am not a cryptographer and it was a month or two ago we spoke. It was stressed to me that PyPI should be moving off of MD5.

I do believe however that we don't know for sure if MD5 is going to have a practical pre-image attack tomorrow, or if it will last another 10 years. All security systems are not infallible and are generally designed so that you have margins of security, so there is time to migrate. The safety margins on MD5 have long since gone, so by continuing to use it we are ignoring prudence (especially at a fairly ideal time where we are transitioning from unverified HTTPS/HTTP to HTTPS, so we do not need to regard backwards compatibility as highly). As far as I am aware these attacks tend to come all of a sudden and without warning. I would much rather have already migrated to something that still has its safety margins than be caught with our proverbial pants down and need to scramble *if* an attack is discovered.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
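As an added example (not code from this thread, from PyPI or from pip), a download verifier that follows the migration argued for above: it assumes digests travel in a `#<algo>=<hex>` URL fragment and a configurable accepted-algorithm set, and it reports an MD5 digest as "unverified" rather than treating it as a weaker but passing check.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Algorithms still accepted for verifying a download. MD5 (and SHA-1) are
# deliberately absent: a digest in a retired algorithm is reported as
# "unverified", not as a weaker-but-passing check.
ACCEPTED_ALGORITHMS = frozenset({"sha256", "sha384", "sha512"})


def parse_digest_fragment(url):
    """Return (algorithm, hexdigest) from a '#<algo>=<hex>' URL fragment,
    or None when the URL carries no digest fragment (assumed format)."""
    fragment = urlsplit(url).fragment
    if "=" not in fragment:
        return None
    algorithm, _, hexdigest = fragment.partition("=")
    return algorithm.lower(), hexdigest.lower()


def verify_download(url, data):
    """Classify downloaded bytes as 'verified', 'unverified' or 'mismatch'.

    A missing digest and a digest in a retired algorithm (e.g. md5) both
    come back as 'unverified', so callers cannot keep relying on MD5
    without noticing once the index has moved to SHA-2 digests.
    """
    parsed = parse_digest_fragment(url)
    if parsed is None:
        return "unverified"
    algorithm, expected = parsed
    if algorithm not in ACCEPTED_ALGORITHMS:
        return "unverified"
    actual = hashlib.new(algorithm, data).hexdigest()
    # Constant-time comparison of the two hex strings.
    return "verified" if hmac.compare_digest(actual, expected) else "mismatch"


if __name__ == "__main__":
    # Constructed sample: a fake sdist body and digests computed over it.
    payload = b"constructed-sdist-bytes"
    base = "https://files.example.invalid/pkg-1.0.tar.gz"
    good_url = base + "#sha256=" + hashlib.sha256(payload).hexdigest()
    legacy_url = base + "#md5=" + hashlib.md5(payload).hexdigest()
    print(verify_download(good_url, payload))      # verified
    print(verify_download(legacy_url, payload))    # unverified
    print(verify_download(good_url, b"tampered"))  # mismatch
```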