[Catalog-sig] Mandatory Reset of PyPI Passwords

Antoine Pitrou solipsis at pitrou.net
Wed Feb 13 21:36:53 CET 2013


Donald Stufft <donald.stufft <at> gmail.com> writes:
> 
> Why is it worse? SHA1 isn't terribly broken AFAIK.
> 
> Because you lower the available entropy, "birthday paradox". 

How so? Collisions are highly unlikely on a non-broken 160-bit hash function.
I don't understand how the birthday paradox is a practical problem.

Regards

Antoine.



