On Tuesday, February 12, 2019, Jeremy Stanley <fu...@yuggoth.org> wrote:

> On 2019-02-12 13:37:20 -0500 (-0500), Wes Turner wrote:
> > MD5 is no longer suitable for verifying package integrity.
> >
> > https://en.wikipedia.org/wiki/MD5#Security
> >
> > > The security of the MD5 hash function is severely compromised. A
> > > collision attack exists [...] there is also a chosen-prefix
> > > collision attack
> [...]
>
> The difference between collision (or chosen-prefix collision) and
> preimage (or second preimage) attacks is still very relevant. With
> MD5 you can't trust that someone who provided you with an input and
> a hash of that input hasn't carefully crafted that input so that
> there is also a second input which results in the same hash. Or in
> package terms, you can't trust that the package you've received
> wasn't part of a contrived scheme on the part of someone you've
> already decided to trust. You can still rest assured (for now
> anyway) that the package you receive is the same one the person or
> system providing the MD5 checksum intended for you to receive.

It is possible to find a nonce value that causes an arbitrary package to
have the same MD5 hash as the actual package.


>
> But because trying to explain this nuance to people is considerably
> harder than just saying "MD5 bad" it's simply not worth trying to
> have the discussion most of the time, and so easier instead to
> replace it with a more modern alternative and move on with your
> life.
> --
> Jeremy Stanley
>
--
Distutils-SIG mailing list -- distutils-sig@python.org
To unsubscribe send an email to distutils-sig-le...@python.org
https://mail.python.org/mailman3/lists/distutils-sig.python.org/
Message archived at https://mail.python.org/archives/list/distutils-sig@python.org/message/Q6TVV5BTGXGGQBHTR33ICTA2GEKZSBPF/
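As an added example that is not from this thread and not pip's own code: a small verifier that accepts pip-style `--hash=algo:hex` pins, refuses an MD5-only pin (since the party who published the checksum could have prepared a colliding package), and requires a SHA-2 digest to match. The `check_download` wrapper and the `SAMPLE_*` values are constructed for illustration.

```python
import hashlib

# Digests accepted as proof of package integrity. MD5 and SHA-1 are left
# out on purpose: a supplier can craft two packages with the same MD5, so an
# MD5 match no longer proves which of them they meant to ship.
TRUSTED_ALGORITHMS = frozenset({"sha256", "sha384", "sha512"})


class IntegrityError(Exception):
    """A download does not match a trusted pinned digest."""


def parse_hash_options(options):
    """Turn pip-style '--hash=algo:hex' strings into {algo: {hex, ...}}."""
    pins = {}
    for opt in options:
        if not opt.startswith("--hash="):
            raise ValueError("not a hash option: %r" % opt)
        algo, _, hexdigest = opt[len("--hash="):].partition(":")
        algo = algo.lower()
        if algo not in hashlib.algorithms_available:
            raise ValueError("unknown digest algorithm: %r" % algo)
        pins.setdefault(algo, set()).add(hexdigest.lower())
    return pins


def verify_package(data, pins):
    """Return the trusted algorithm that matched, or raise IntegrityError."""
    usable = {a: v for a, v in pins.items() if a in TRUSTED_ALGORITHMS}
    if not usable:
        # An MD5-only pin is rejected outright rather than silently accepted.
        raise IntegrityError("no trusted digest pinned, only: %s"
                             % (", ".join(sorted(pins)) or "none"))
    for algo in sorted(usable):
        if hashlib.new(algo, data).hexdigest() in usable[algo]:
            return algo
    raise IntegrityError("download matches none of the pinned digests")


def check_download(data, options):
    """Convenience wrapper: (accepted?, reason) for a list of --hash options."""
    try:
        return True, "matched " + verify_package(data, parse_hash_options(options))
    except (IntegrityError, ValueError) as exc:
        return False, str(exc)


# Constructed sample standing in for a downloaded wheel (not a real package).
SAMPLE_DATA = b"constructed-sample-wheel-bytes"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_DATA).hexdigest()
SAMPLE_MD5 = hashlib.md5(SAMPLE_DATA).hexdigest()
```

Calling `check_download(SAMPLE_DATA, ["--hash=md5:" + SAMPLE_MD5])` is refused even though the MD5 matches, while adding a `--hash=sha256:` pin for the same file makes it pass.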
