Am 08.03.2013 22:43, schrieb Daniel Holth: > Check out https://blake2.net/ ; it is both faster and more secure than > md5. md5 does have to go, no matter how secure it is in this > particular application. SHA2 is the only choice that doesn't require a > long explanation. When this came up a little less than a year ago we > talked about maybe including the SHA2 hash in one of the link > attributes <a href= something="hash"> for the benefit of old clients.
Let's not add yet another crypto hash algorithm. :) We have SHA-1 and SHA-2, that's ought be be enough. SHA-3 is available for Python 3.4 and I provide stand-alone sources and binaries for 2.6 to 3.3. Blake2 looks nice but we should stick to NIST-approved algorithms. The combination of file size, MD5 (for legacy reasons), SHA-1 and perhaps SHA-256 is more than sufficient. Don't forget that files have to be valid tar.gz, tar.bz2, zip or Windows binaries, too ... Christian _______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig