Deprecation of MD5 #49108
MD5 is one of the most popular cryptographic hash-functions around, I propose and strongly suggest to start deprecating direct support for MD5
I'd like to start a discussion about this. Please keep in mind that - We should now act and give people time to update their implementations. In a rough cut:
Goodbye MD5 and thanks for all the fish.
On 2009-01-06 21:06, Lukas Lueg wrote:
A strong -1 on that idea. MD5 is in wide-spread use as hash function. It can no longer Removing it from Python would cripple Python for no apparent reason.
Because MD5 is used widely, Python needs to support it, if only to be
The hashlib docs already mention the problems with md5 et al via a "Warning Some algorithms have known hash collision weaknesses, see the FAQ at the thanks for closing this. not gonna happen.
As I already said to Raymond: At least we should update the The CERT-Advisory from provides a clean and simple language: "In 2008,
On 2009-01-06 22:42, Lukas Lueg wrote:
That's a correct statement for cryptographic work based on MD5. However, it's not true with respect to using MD5 as fast general Note that the various SHA implementations are also starting to http://en.wikipedia.org/wiki/SHA1 also see: http://en.wikipedia.org/wiki/Hash_function """ It might be a good idea to remove the word "secure" from the
I'm sorry, was that a boy attempted humor? [Misuse quote from DH3: Check] Anyway, in fact that might be a good idea: Reflect that the hashlib
Secure hash or cryptographic hash is the correct term and I think we I propose adding a sentence to the first paragraph noting that the level
On 2009-01-06 23:10, Lukas Lueg wrote:
No, it's the reality of life and one of the reasons why digitally Note that SHA-0 and -1 were broken in 2005:
In Germany, the BSI which corresponds to the NSA in the US, publishes
They regard SHA-1 as expired by the end of this year. For SHA-2 functions The NSA has similar guidelines:
They currently suggest using SHA-2 functions for crypto applications,
BTW: Not sure what Deer Hunter 3 has to do with all this ;-)
actually I smelled irony and was referring to Die Hard 3 :-\
I know that of course and that's why I brought this all up.
Fine.
-1. Stopping usage of md5 should be the user's choice, not Python's.
I think you misunderstand the kind of problem that has been detected. Likewise, md5 is still well capable of detecting corruption of binary It is only in the context of digital signatures that the "chosen prefix"
That's like saying "Mercedes drivers rely on efficient operation of the
In some case, yes, replacement is easy. In other cases, replacement is
For the record, I'm with Martin -- there are many existing uses that we
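The distinction drawn in the thread, MD5 as a fast checksum for detecting corruption versus a digest that a digital signature depends on, shown as an added Python example that is not part of the original issue or of the hashlib documentation. The function names, the reject list and the sample payload are assumptions made here; `usedforsecurity=False` requires Python 3.9 or later.

```python
import hashlib
import hmac
import io

# Policy assumed for this example: digests the thread describes as weakened
# are refused wherever a signature depends on collision resistance.
WEAK_FOR_SIGNATURES = {"md5", "sha1"}


def corruption_checksum(stream, chunk_size=65536):
    """MD5 as a plain checksum for accidental corruption, read in chunks."""
    # usedforsecurity=False (Python 3.9+) marks this as a non-security use.
    digest = hashlib.md5(usedforsecurity=False)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def transfer_intact(stream, expected_md5):
    """True when the received bytes match the checksum recorded at the source."""
    return hmac.compare_digest(corruption_checksum(stream), expected_md5.lower())


def signature_digest(data, algorithm="sha256"):
    """Digest to be fed to a signing routine; weak algorithms are rejected."""
    name = algorithm.lower().replace("-", "")
    if name in WEAK_FOR_SIGNATURES:
        raise ValueError(f"{algorithm} is not collision resistant enough to sign")
    return hashlib.new(name, data).digest()


if __name__ == "__main__":
    original = b"constructed sample payload\n" * 1000   # constructed input
    recorded = corruption_checksum(io.BytesIO(original))
    damaged = bytearray(original)
    damaged[1234] ^= 0x01                                 # one flipped bit
    print("intact copy ok:  ", transfer_intact(io.BytesIO(original), recorded))
    print("damaged copy ok: ", transfer_intact(io.BytesIO(bytes(damaged)), recorded))
    print("sha256 to sign:  ", signature_digest(original).hex())
```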