On Fri, Mar 8, 2013 at 2:52 PM, Noah Kantrowitz <n...@coderanger.net> wrote: > MD5 is _not_ acceptable for anything security related and we shouldn't be > adding anything that increases our dependence on it. MD5's only use in the > packaging world is to make people who forget that TCP has its own checksums > feel all warm and fuzzy that there hasn't been _accidental_ download > corruption.
So, you're saying that someone has found a second-preimage attack against MD5 that's more efficient than the current 2**127 threshold established in 2009? "Anything security related" is pretty broad. Out of the many classes of attacks on hashes, AFAIK the only class that's relevant to PyPI is second preimage attacks, i.e. one where the attacker has the original file and the hash, and must construct a new file that produces the same hash value. Did you have some other type of hash attack in mind? And in either case, do you have a referent for the attack complexity? _______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig