Re: Moving away from MD5
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 23 Jun 1997, Thomas Koenig wrote:
> I think we should start moving away from MD5 as our main hash function.
> MD5 has known weaknesses so that an attacker can quite possibly create
> two files, differing maybe in a single bit or in quite a few bytes, but
> having the same MD5 checksum.
As far as I know, Debian uses MD5 sums to avoid "random" alteration of
files, not as a security measure against crackers, but I may be wrong.
BTW: Just curiosity: I would be delighted to see two different files
having the same md5sum. Do you have a simple example?
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
iQCVAgUBM66o0yqK7IlOjMLFAQHCsAP+OmOKorI69AZgN/t2XIa7Pljnw98imQl0
FaGs8/O4Qawtm/Iptu69hrsWn6bEgpOeA3NzeNgU12OknpTYl5jkniOqqwMSQjEM
kJFu436Bf01DUR9jeT+73JeM0U0QBK7n53dOrefdyPir0MSA/+CdlFyJNJk/NB96
KOyoxT2zdjQ=
=dNMM
-----END PGP SIGNATURE-----
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: