MD5 and SHA cracked/broken...
Magnus Lie Hetland
mlh at furu.idi.ntnu.no
Sat Sep 11 12:59:56 EDT 2004
I saw this in an article referenced from slashdot a while back, and it
occurred to me that it might be relevant here...
Basically, at Crypto 2004 preliminary papers were presented that
pointed out weaknesses in MD5, SHA-0 and SHA-1. As far as I can tell,
MD5 is broken and SHA-1 seems to be in a precarious position (even
though I don't know the details at all).
Perhaps it would be appropriate to add a note, warning or "See also"
to the library documentation for the md5 and sha modules?
Of course, these modules don't give any guarantees, but their
functionality does seem to imply a certain level of security
(especially SHA, whose name even includes the name "secure"). If this
name no longer holds, a "heads up" might be useful.
Does anyone understand enough crypto-speak to figure out how
problematic this all is, and what applications should be avoided?
Also -- are there any alternative one-way functions that are still
considered safe, and that could be useful as Python modules (in place
of, perhaps, md5 and sha)?
--
Magnus Lie Hetland The time you enjoy wasting is not wasted time
http://hetland.org -- Bertrand Russel
More information about the Python-list
mailing list