On Tuesday, February 12, 2019, Jeremy Stanley <fu...@yuggoth.org> wrote:
> On 2019-02-12 17:02:25 -0500 (-0500), Wes Turner wrote:
> > On Tuesday, February 12, 2019, Wes Turner <wes.tur...@gmail.com> wrote:
> [...]
> > > It is possible to find a nonce value that causes an arbitrary package to
> > > have the same MD5 hash as the actual package.
> >
> > e.g. browsers MUST NOT rely upon MD5 for x.509 certificate SSL/TLS/HTTPS
> > fingerprints for exactly this reason.
> [...]
>
> I fear we're verging far into armchair crypto here, but you're
> either making buzzword soup or have a severely flawed understanding
> of the algorithms involved. There is no nonce in an IETF RFC 1321
> (colloquially "MD5 checksum") implementation, so please at least
> attempt to frame your assertions using terms found in the canonical
> literature.
>
> Creating a malicious package which computes to the same MD5 checksum
> as an existing package of your choice would require that the second
> preimage resistance of the MD5 algorithm is broken, or that you got
> (time complexity 2^128) "lucky." Uses of MD5 elsewhere which mix in
> attacker-controlled inputs to generate the reference output are
> another story entirely, but as with any of the information
> security field the actual risk depends on your threat model.
>
> I'm not about to recommend MD5 to anyone these days, don't get me
> wrong. There are (at least marginally, again depending on your
> threat model) better alternatives which require no additional effort
> if you're designing a system from scratch. But let's not
> mischaracterize the qualities of any algorithm, as it makes it
> difficult for someone who does understand the differences to take us
> seriously.

All it has to be is an archive containing a setup.py.

"MD5 considered harmful today: Creating a rogue CA certificate" (2008)
https://www.win.tue.nl/hashclash/rogue-ca/

> --
> Jeremy Stanley
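Added example, not part of the original thread: the two properties contrasted above (a collision, where both inputs are freely chosen, versus a second preimage, where one input is an already-published package) measured by generic search against MD5 truncated to a toy width. The 20-bit width, the function names and the sample byte strings are assumptions made for this demonstration; it shows only the generic search costs, which scale to the 2^128 figure quoted above at full width.

```python
import hashlib
from itertools import count

BITS = 20  # toy digest width (assumption for this demo); real MD5 is 128 bits


def toy_md5(data: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of the MD5 digest, as an integer."""
    full = int.from_bytes(hashlib.md5(data).digest(), "big")
    return full >> (128 - bits)


def find_collision(bits: int = BITS):
    """Both inputs are free: any two candidates that agree will do."""
    seen = {}
    for tries in count(1):
        msg = b"free-choice-%d" % tries
        digest = toy_md5(msg, bits)
        if digest in seen:
            return seen[digest], msg, tries
        seen[digest] = msg


def find_second_preimage(target: bytes, bits: int = BITS):
    """One input is fixed (the published file): its digest must be hit."""
    wanted = toy_md5(target, bits)
    for tries in count(1):
        msg = b"other-input-%d" % tries
        if msg != target and toy_md5(msg, bits) == wanted:
            return msg, tries


if __name__ == "__main__":
    # Constructed stand-in for the bytes of an existing package.
    published = b"constructed stand-in for an existing sdist"
    a, b, c_tries = find_collision()
    other, p_tries = find_second_preimage(published)
    # Birthday bound: roughly 2^(BITS/2) tries for a collision,
    # roughly 2^BITS tries for a second preimage.
    print(f"collision after {c_tries} tries (about 2^{BITS // 2} expected)")
    print(f"second preimage after {p_tries} tries (about 2^{BITS} expected)")
```

Each extra bit of digest width doubles the second-preimage cost but adds only half a bit to the collision cost, which is why the two properties are treated separately when assessing a checksum against a given threat model.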