[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dpkg-sig support wanted?

On Sun, Nov 27, 2005 at 12:42:42PM +0100, Steinar H. Gunderson wrote:
> On Sun, Nov 27, 2005 at 02:18:00PM +1000, Anthony Towns wrote:
> > My understanding was that there aren't other hash functions that've had
> > remotely similar levels of cryptographic analysis to md5 and sha. IIRC,
> > the elliptic curve cryptography stuff was supposed to be similarly neat,
> > until people started analysing it seriously, at which point it broke.
> To the best of my knowledge, elliptic curve cryptography isn't any more
> broken than RSA or ElGamal is.

Oh god, how embarassing. I'm confusing elliptic curves and knapsacks,
my bad. Knapsack cryptograph's "provably" secure (in that a general
solution is NP), and practically insecure (in that it's hard to find
instances that are reliably hard enough, at least without obscene key

But hey, SHA-something, Tiger, or whatever; it's well past time to choose
one, get a /usr/bin/<...> binary we can use, and replace md5 with it.


Attachment: signature.asc
Description: Digital signature

Reply to: