On Fri, Dec 7, 2018 at 3:38 PM Steven D'Aprano <st...@pearwood.info> wrote:
> On Fri, Dec 07, 2018 at 01:25:19PM -0800, Nathaniel Smith wrote: > > > For this specific purpose, md5 is just as good as a proper hash. But all > > else being equal, it would still be better to use a proper hash, just so > > people don't have to go through the whole security analysis to check > that. > > I don't understand what you are trying to say here about "the whole > security analysis" to check "that". What security analysis, and > what is "that"? > > It seems to me that moving to a cryptographically-secure hash would give > many people a false sense of security, that just because the hash > matched, the download was not only not corrupted, but not compromised as > well. For those two purposes: > > - testing for accidental corruption; > - testing for deliberate compromise; > > md5 and sha512 are precisely equivalent: both are sufficient for the > first, and useless for the second. But a crypto-hash can give a false > sense of security. The original post in this thread is evidence of that. > > As such, I don't think we should move to anything stronger than md5. > If we switched to sha2+ or listed 8 different hashes at once in the announcement text so that nobody can find the actual link content, we'd stop having people pipe up and complain that we used md5 for something. Less mailing list threads like this one seems like a benefit. :P Debian provides all of the popular FIPS hashes, in side files, so people can use whatever floats their boat for a content integrity check: https://cdimage.debian.org/debian-cd/current/ppc64el/iso-cd/ >From a semi-security perspective without verifying gpg signatures, listing a currently collision-resistant hash (sha2 onwards today) in widely disseminated release announcement that goes on mailing lists and gets forwarded and reposted in many places is still useful. Being not hosted in a single central place, if the downloads and hashes on the main servers change *after* their computation, publishing, and announcement - it serves as a widely distributed question mark. A pointless one, as the gpg signature also exists, but it is one none the less. As to windows and mac providing hashing functions on the command line, nope. assume nothing is provided. On linux my fingers would use "openssl hashname" rather than *sum commands. But none of those are ever required to be installed by anything. The only people who ever check hashes are those who already know what tools to use and how. Some could ironically install the downloaded python and use it to check its own hash. None of that is our problem. -gps
_______________________________________________ Python-ideas mailing list Python-ideas@python.org https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/
