[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Moving away from MD5

Thomas Koenig wrote:
> I think we should start moving away from MD5 as our main hash function.
> An attractive alternative would be RIPEMD-160. 
> http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html

This is probably a good thing to agree to do, before Klee redesigns dpkg to
handle verification and other things (I think he's in California doing
contract work right now).

One drawback is that it is 3 times as slow - and I assume that the output
of the hash function is going to take 25% more bytes to represent it.

Is there an equivalent of the md5sum program for it?

Sound like a good idea to me, but I'm no expert on crypto.


 - Jim

Attachment: pgpR9nvT2ON82.pgp
Description: PGP signature

Reply to: