[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Jigdo (was Re: too many CD ISOs)

Hi, sorry for the late reply...

On Thu, Apr 26, 2007 at 01:44:05PM +0100, Steve McIntyre wrote:
> There's also a couple more changes/updates that I'd like to make
> in/around jigdo soon-ish:
>  * Move over to using bzip2 rather than gzip for our template files.
>    That should be simple enough now that all the clients in stable
>    will support bzip2, I assume.

Yes, it should work AFAICT!

>  * Start using sha1/256 internally as well as/instead of md5sum, or at
>    least for the whole-image checksums. Md5sum is looking weak these
>    days.

I thought about SHA1 when I first came up with the file format. At the 
time, MD5 was already considered weakend because different content with 
matching MD5s had been found. Still, in the end I decided against SHA1 
because the individual file checksums are not security sensitive - CRC64 
would be just as fine IMHO.

However, in hindsight I probably should have used SHA1 for the template 
file hash and for the hash of the final image.



  __   _
  |_) /|  Richard Atterer     |  GnuPG key: 888354F7
  | \/¯|  http://atterer.net  |  08A9 7B7D 3D13 3EF2 3D25  D157 79E6 F6DC 8883 54F7
  ¯ '` ¯

Attachment: signature.asc
Description: Digital signature

Reply to: