[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Moving away from MD5



-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 23 Jun 1997, Thomas Koenig wrote:

> I think we should start moving away from MD5 as our main hash function.
> MD5 has known weaknesses so that an attacker can quite possibly create
> two files, differing maybe in a single bit or in quite a few bytes, but
> having the same MD5 checksum.

As far as I know, Debian uses MD5 sums to avoid "random" alteration of
files, not as a security measure against crackers, but I may be wrong.

BTW: Just curiosity: I would be delighted to see two different files
having the same md5sum. Do you have a simple example?

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1

iQCVAgUBM66o0yqK7IlOjMLFAQHCsAP+OmOKorI69AZgN/t2XIa7Pljnw98imQl0
FaGs8/O4Qawtm/Iptu69hrsWn6bEgpOeA3NzeNgU12OknpTYl5jkniOqqwMSQjEM
kJFu436Bf01DUR9jeT+73JeM0U0QBK7n53dOrefdyPir0MSA/+CdlFyJNJk/NB96
KOyoxT2zdjQ=
=dNMM
-----END PGP SIGNATURE-----


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .


Reply to: