PEP 376
Scott David Daniels
Scott.Daniels at Acm.Org
Tue Jun 30 23:11:38 EDT 2009
Carl Banks wrote:
> On Jun 30, 5:55 pm, Lawrence D'Oliveiro <l... at geek-
> central.gen.new_zealand> wrote:
>> In message <mailman.2410.1246390911.8015.python-l... at python.org>, Tarek
>>
>> Ziadé wrote:
>>> I would like to propose this PEP for inclusion into Python 2.7 / 3.2
>>> http://www.python.org/dev/peps/pep-0376/
>> Why are you using MD5?
>
> I doubt it's the design aim for eggs to be cryptographically secure,
> and MD5 is sufficient to detect changes.
On the other hand, SHA1 is easily within the reach of current and older
CPUs, while problems have already been found with forgeble MD5 puns, and
we cannot expect the cases to shrink. I don't see much harm in going
for SHA1 now as something likely to last a few years.
--Scott David Daniels
Scott.Daniels at Acm.Org
More information about the Python-list
mailing list