[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: System integrity...



In article <E10ucwT-0004pM-00@polya> you write:
>AFAIK, Jules is correct: MD5 sums are only cryptographically secure
>(and there was a cryptic announcement by RSA which even throws that
>into some doubt) if the correct length of the plaintext is also
>known.

Just curious: Is there anywhere I can find a reference (eg online)
to the limitations of MD5sums?

There is a program called md5sum that calculates or checks the md5sums
of given files - perhaps this should really output the file size, too...

ie if you are going to occupy disk space to save MD5sums, you might
as well include the file length, too... Same for md5sums in Debian
packages.

Anyway, just my thoughts on the matter... I see that *.dsc and *.changes
files already have the file size as well as the MD5sum so that should
make these secure (assuming you believe MD5sums are secure).

How secure are MD5sums???
-- 
Brian May <bam@snoopy.apana.org.au>

Attachment: pgpx8KnFw1ZpN.pgp
Description: PGP signature


Reply to: