Re: Moving away from MD5

To: Thomas König <Thomas.Koenig@ciw.uni-karlsruhe.de>
Cc: debian <debian-devel@lists.debian.org>
Subject: Re: Moving away from MD5
From: Santiago Vila Doncel <sanvila@unex.es>
Date: Mon, 23 Jun 1997 18:48:27 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.3.96.970623184326.662A-100000@cantor.unex.es>
In-reply-to: <[🔎] 199706231407.QAA10455@mvmap66.ciw.uni-karlsruhe.de>

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 23 Jun 1997, Thomas Koenig wrote:

> I think we should start moving away from MD5 as our main hash function.
> MD5 has known weaknesses so that an attacker can quite possibly create
> two files, differing maybe in a single bit or in quite a few bytes, but
> having the same MD5 checksum.

As far as I know, Debian uses MD5 sums to avoid "random" alteration of
files, not as a security measure against crackers, but I may be wrong.

BTW: Just curiosity: I would be delighted to see two different files
having the same md5sum. Do you have a simple example?

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1

iQCVAgUBM66o0yqK7IlOjMLFAQHCsAP+OmOKorI69AZgN/t2XIa7Pljnw98imQl0
FaGs8/O4Qawtm/Iptu69hrsWn6bEgpOeA3NzeNgU12OknpTYl5jkniOqqwMSQjEM
kJFu436Bf01DUR9jeT+73JeM0U0QBK7n53dOrefdyPir0MSA/+CdlFyJNJk/NB96
KOyoxT2zdjQ=
=dNMM
-----END PGP SIGNATURE-----


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: Moving away from MD5
  - From: joost@rulcmc.leidenuniv.nl (joost witteveen)
- Re: Moving away from MD5
  - From: Thomas Koenig <ig25@mvmap66.ciw.uni-karlsruhe.de>

References:
- Moving away from MD5
  - From: Thomas Koenig <ig25@mvmap66.ciw.uni-karlsruhe.de>

Prev by Date: Re: Editor wars considered harmful
Next by Date: Re: Rescue disk and Thinkpads (problem identified).
Previous by thread: Moving away from MD5
Next by thread: Re: Moving away from MD5
Index(es):
- Date
- Thread