> That is totally not what I said. We don't care about collision resistance,
> but we still need preimage resistance. That is still fine for SHA1 (even MD5
> as far as I know).

If that's your point, an attacker can produce two colliding packages: a perfectly sound mathematical package and a malicious one. He gets the mathematical package accepted by SageMath, then uses the malicious one to perform the attack. I'm not saying that's easy to do. The perfectly sound mathematical package would still have to contain some weird octets, but a package that looks like, e.g., a database of polynomials, could conceivably evade detection.

I'm saying all this to satisfy the applied cryptographer in you. There are certainly easier ways to insert malicious code into Sage (just create a ticket and have a buddy positive review it), but that's not a good reason to keep using SHA1.

Luca
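
The reviewed-then-swapped scenario from the message above, as an added example that is not part of the original post or of Sage's code. It assumes a toy digest (SHA-1 truncated to 24 bits) as a stand-in for a hash with broken collision resistance; the package contents and all function names are constructed for illustration.

```python
import hashlib
from itertools import count

TRUNC_HEX = 6  # assumption: 24-bit toy digest so a collision is found in seconds


def weak_digest(data: bytes) -> str:
    """Toy stand-in for a hash whose collision resistance is broken."""
    return hashlib.sha1(data).hexdigest()[:TRUNC_HEX]


def strong_digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def find_colliding_pair():
    """Birthday search for a 'reviewed' and a 'swapped' package sharing a weak
    digest. One party chooses BOTH inputs, which is what separates a collision
    from a preimage (matching a digest somebody else already fixed)."""
    reviewed, swapped = {}, {}  # weak digest -> constructed package bytes
    for i in count():
        a = b"polynomial database, filler=%d" % i
        b = b"different payload, filler=%d" % i
        da, db = weak_digest(a), weak_digest(b)
        reviewed[da], swapped[db] = a, b
        if da in swapped:
            return a, swapped[da]
        if db in reviewed:
            return reviewed[db], b


def verify(package: bytes, recorded: str, digest=weak_digest) -> bool:
    """Checksum comparison as it would run at install time."""
    return digest(package) == recorded


def demo():
    reviewed, swapped = find_colliding_pair()
    weak_record = weak_digest(reviewed)      # checksum recorded at review time
    strong_record = strong_digest(reviewed)  # same, with a collision-resistant hash
    return {
        "distinct": reviewed != swapped,
        "weak_accepts_swapped": verify(swapped, weak_record),
        "strong_accepts_swapped": verify(swapped, strong_record, strong_digest),
        "strong_accepts_reviewed": verify(reviewed, strong_record, strong_digest),
    }


if __name__ == "__main__":
    print(demo())
```

The search finishes after a few thousand candidates because both inputs are free to vary; matching a digest that was fixed in advance would need on the order of 2^24 tries with the same toy hash.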