Message 338083 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	fazl
Recipients	fazl
Date	2019-03-16.13:18:34
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1552742314.29.0.141411546452.issue36316@roundup.psfhosted.org>
In-reply-to

Content
Python is widely used and should use more trustworthy checksums than MD5. Even the successor to MD5 (SHA-1) was considered insecure in 2017. From https://nakedsecurity.sophos.com/2017/02/23/bang-sha-1-collides-at-38762cf7f55934b34d179ae6a4c80cadccbb7f0a/ : "For many years [...] MD5 was widely used [...] but it is now forbidden in the cryptographic world because [...] MD5 collisions are easy to generate on purpose, so the algorithm can no longer be trusted."

Python is widely used and should use more trustworthy checksums than MD5.

Even the successor to MD5 (SHA-1) was considered insecure in 2017. From https://nakedsecurity.sophos.com/2017/02/23/bang-sha-1-collides-at-38762cf7f55934b34d179ae6a4c80cadccbb7f0a/ :

"For many years [...] MD5 was widely used [...] but it is now forbidden in the cryptographic world because [...] MD5 collisions are easy to generate on purpose, so the algorithm can no longer be trusted."

History
Date	User	Action	Args
2019-03-16 13:18:34	fazl	set	recipients: + fazl
2019-03-16 13:18:34	fazl	set	messageid: <1552742314.29.0.141411546452.issue36316@roundup.psfhosted.org>
2019-03-16 13:18:34	fazl	link	issue36316 messages
2019-03-16 13:18:34	fazl	create