PEP 376

[Charles Yeomans]

On Jul 2, 2009, at 1:37 PM, Lie Ryan wrote:

> Joachim Strömbergson wrote:
>> Aloha!
>>
>> Tarek Ziadé wrote:
>>> The prefix is a good idea but since it's just a checksum to control
>>> that the file hasn't changed
>>> what's wrong with using a weak hash algorithm like md5 or now sha1 ?
>>
>> Because it creates a dependency to an old algorithm that should be
>> deprecated. Also using MD5, even for a thing like this might make  
>> people
>> belive that it is an ok algorithm to use - "Hey, it is used by the
>> default install in Python, so it must be ok, right?"
>>
>> If we flip the argument around: Why would you want to use MD5  
>> instead of
>> SHA-256? For the specific use case the performance will not (should  
>> not)
>> be an issue.
>>
>> As I wrote a few mails ago, it is time to move forward from MD5 and
>> designing something in 2009 that will be around for many years that  
>> uses
>> MD5 is (IMHO) a bad design decision.
>>
>>> If someone wants to modify a file of a distribution he can recreate
>>> the checksum as well,
>>> the only secured way to prevent that would be to use gpg keys but
>>> isn't that overkill for what we need ?
>>
>> Actually, adding this type of security would IMHO be a good idea.
>>
>
> Now, are we actually talking about security or checksum?
>
> It has been known for years that MD5 is weak, weak, weak. Not just in
> the recent years. But it doesn't matter since MD5 was never designed  
> for
> security, MD5 was designed to protect against random bits  
> corruption. If
> you want security, look at least to GPG. For data protection against
> intentional, malicious forging, definitely MD5 is the wrong choice.  
> But
> when you just want a simple checksum to ensure that a faulty router
> somewhere in the internet backbone doesn't destroying your data, MD5  
> is
> a fine algorithm.
> -- 

On the contrary, MD5 was intended to be a cryptographic hash function,  
not a checksum.

Charles Yeomans