Re: Moving away from MD5
On Mon, 23 Jun 1997, Thomas Koenig wrote:
> I think we should start moving away from MD5 as our main hash function.
> MD5 has known weaknesses so that an attacker can quite possibly create
> two files, differing maybe in a single bit or in quite a few bytes, but
> having the same MD5 checksum.
As far as I know, Debian uses MD5 sums to avoid "random" alteration of
files, not as a security measure against crackers, but I may be wrong.
BTW, just out of curiosity: I would be delighted to see two different files
having the same md5sum. Do you have a simple example?