Marc-Andre Lemburg <m...@egenix.com> added the comment: On 2009-01-06 21:06, Lukas Lueg wrote: > MD5 is one of the most popular cryptographic hash-functions around, > mainly for it's good performance and availability throughout > applications and libraries. The MD5 algorithm is currently implemented > in python as part of the hashlib-module and (in more general terms) as > part of SSL in the ssl-module. However, concerns about the security of > MD5 have risen during the last few years. In 2007 a practical attack to > create collisions in the compression-function has been released and on > 12/31/2008 US-CERT issued a note to warn about the general insecurity of > MD5 (http://www.kb.cert.org/vuls/id/836068). > > > I propose and strongly suggest to start deprecate direct support for MD5 > during this year and completly remove support for it afterwards.
A strong -1 on that idea. MD5 is in wide-spread use as hash function. It can no longer be considered a cryptographic hash function, but still serves its purpose as fast, easy to use general purpose hash function well. Removing it from Python would cripple Python for no apparent reason. ---------- nosy: +lemburg _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue4858> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
