On 09 Mar 2013, at 19:09, Christian Heimes <[email protected]> wrote:
> On 09.03.2013 02:06, Giovanni Bajo wrote:
>> It's a good practice to avoid crypto algorithms whose foundations are known
>> to be broken. This is one of those cases. If we ever touch code that uses
>> MD5, we should drop it immediately. There is no reason to keep it and wait
>> for someone to release an attack, so that the world can point fingers at us
>> and laugh.
>
> Relax, MD5 is still fine to detect broken or partial downloads. Trust
> me, this still happens a lot with broken proxy servers and unstable
> network connections. I have seen my fair share of broken files during
> deployments at work.
>
> If we are going to remove MD5 *now*, then we are going to remove the
> last bit of security from old tools. I agree that MD5 doesn't provide
> strong cryptographic security. But it's still better than no checksum.

When I said "we should drop it", I obviously meant "replace it with a different algorithm". The post was intended to make sure that we migrate away from it, since we're touching that code. I certainly wasn't advocating against using any checksum algorithm.

-- 
Giovanni Bajo :: [email protected]
Develer S.r.l. :: http://www.develer.com

My Blog: http://giovanni.bajo.it
_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
