Nice. Note that the Sourceforge bug for this issue indicates that something is already being done about it. It just happens to have been updated a day or so ago:
https://sourceforge.net/tracker/?func=detail&atid=355470&aid=1123660&group_id=5470

Note to skeptics: the attacks are pretty serious. Here's a demo of a meaningful possible fraud resulting from knowing just one md5 collision, possibly found by somebody else:

http://www.cits.rub.de/imperia/md/content/magnus/rump_ec05.pdf

Something similar can be done with SHA1 if a collision gets published. The work factor for finding an SHA1 collision is now down to O(2**63), which is within range of a distributed internet search.

The md5 attack relies on the md5's message-extension property (shared by sha-1): if you find just one collision, you can easily generate an "infinite" family of colliding messages. Anyone know if the sha-2 hashes have that property?
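
The extension property described in the post, shown on a toy hash (an added example, not part of the original message): a 24-bit Merkle-Damgard construction is small enough to find one collision by brute force, after which every common suffix yields another colliding pair. The names `toy_hash`, `compress`, `find_collision` and `extend`, the 8-byte block size and the 24-bit state are assumptions made for the illustration.

```python
import hashlib
from itertools import count

BLOCK = 8                 # toy block size in bytes (assumption)
STATE = 3                 # 24-bit chaining state, so one collision is cheap
IV = b"\x00" * STATE      # fixed initial chaining value (assumption)

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: truncated MD5 of state || block."""
    return hashlib.md5(state + block).digest()[:STATE]

def pad(msg: bytes) -> bytes:
    """Length padding: 0x80, zeros to a block boundary, 8-byte length."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK)
    return padded + len(msg).to_bytes(BLOCK, "big")

def toy_hash(msg: bytes) -> bytes:
    """Iterate the compression function over the padded message."""
    state = IV
    data = pad(msg)
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state

def find_collision():
    """Birthday search: two distinct one-block messages, same state."""
    seen = {}
    for n in count():
        block = n.to_bytes(BLOCK, "big")
        state = compress(IV, block)
        if state in seen:
            return seen[state], block
        seen[state] = block

def extend(a: bytes, b: bytes, suffixes):
    """Hash a+s and b+s for each common suffix s."""
    return [(s, toy_hash(a + s), toy_hash(b + s)) for s in suffixes]

if __name__ == "__main__":
    a, b = find_collision()
    print("collision:", a.hex(), b.hex(), "->", toy_hash(a).hex())
    # Constructed sample suffixes; any bytes work.
    for s, ha, hb in extend(a, b, [b"", b" common tail", b"x" * 100]):
        print(f"suffix len {len(s):3d}: {ha.hex()} {hb.hex()} equal={ha == hb}")
```

Truncating the state to 24 bits only makes the first collision cheap to find; once two equal-length messages reach the same chaining state, the extension step costs nothing whatever the state size.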