Aloha!

Carl Banks wrote:
> On Jun 30, 5:55 pm, Lawrence D'Oliveiro <l...@geek-central.gen.new_zealand> wrote:
>> In message <mailman.2410.1246390911.8015.python-l...@python.org>, Tarek Ziadé wrote:
>>> I would like to propose this PEP for inclusion into Python 2.7 / 3.2
>>> http://www.python.org/dev/peps/pep-0376/
>> Why are you using MD5?
>
> I doubt it's the design aim for eggs to be cryptographically secure,
> and MD5 is sufficient to detect changes.

Even so, choosing md5 in 2009 for something that (hopefully) will be used in years is a bad design decision. It creates a dependency on an algorithm that all sensible recommendations point you to move away from.

Just check hashlib documentation for example:
http://docs.python.org/library/hashlib.html

I would suggest to use the SHA-256 in the library. The reason for this is that md5 and SHA-1 are weak. The computational complexity of SHA-256 is bigger, but since it probably won't be done many thousands of times during an egg installation, it shouldn't add a noticeable delay.

--
Kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
========================================================================
Kryptoblog - IT security in Swedish
http://www.strombergson.com/kryptoblog
========================================================================
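
Added example, not part of the original message or of PEP 376: a sketch of recording and checking installed-file digests with SHA-256, where each digest is stored with its algorithm name so the record does not depend on a single hash. The `algorithm=hexdigest` record layout, the `ALLOWED` policy and all function names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

ALLOWED = {"sha256", "sha512"}  # assumed local policy: md5 and sha1 are refused
CHUNK = 64 * 1024


def file_digest(path, algorithm="sha256"):
    """Return 'algorithm=hexdigest' for the file, read in chunks."""
    if algorithm not in ALLOWED:
        raise ValueError("refusing weak or unknown hash: %s" % algorithm)
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return "%s=%s" % (algorithm, h.hexdigest())


def build_record(root, names, algorithm="sha256"):
    """Map each relative file name to its algorithm-tagged digest."""
    return {n: file_digest(os.path.join(root, n), algorithm) for n in names}


def verify_record(root, record):
    """Return the sorted names whose content no longer matches the record."""
    changed = []
    for name, tagged in record.items():
        algorithm = tagged.partition("=")[0]
        try:
            actual = file_digest(os.path.join(root, name), algorithm)
        except (ValueError, OSError):
            changed.append(name)  # weak algorithm or missing file: fail closed
            continue
        if actual != tagged:
            changed.append(name)
    return sorted(changed)


def demo():
    """Constructed sample: two small files, one modified after recording."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("pkg.py", b"print('hi')\n"), ("data.txt", b"v1\n")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        record = build_record(root, ["pkg.py", "data.txt"])
        with open(os.path.join(root, "data.txt"), "wb") as fh:
            fh.write(b"v2\n")
        # Constructed legacy entry tagged md5; it is reported, not trusted.
        record["legacy.py"] = "md5=d41d8cd98f00b204e9800998ecf8427e"
        return verify_record(root, record)


if __name__ == "__main__":
    print(demo())
```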