Re: md5sums files

To: debian-devel@lists.debian.org
Subject: Re: md5sums files
From: Osamu Aoki <osamu@debian.org>
Date: Thu, 4 Mar 2010 00:54:53 +0900
Message-id: <[🔎] 20100303155453.GA5184@osamu.debian.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] slrnhosifd.rmi.trash@kelgar.0x539.de>
References: <[🔎] 20100303020620.GA17083@celtic.nixsys.be> <[🔎] 874okyuov4.fsf@windlord.stanford.edu> <[🔎] 20100303151752.835b34d3.erikd@mega-nerd.com> <[🔎] 20100303104725.GA18778@celtic.nixsys.be> <[🔎] slrnhosifd.rmi.trash@kelgar.0x539.de>

On Wed, Mar 03, 2010 at 11:37:17AM +0000, Philipp Kern wrote:
> On 2010-03-03, Wouter Verhelst <wouter@debian.org> wrote:
> > This is where I disagree. When a checksum algorithm is compromised (and
> > MD5 *is* compromised), things only ever get worse, not better. Indeed,
> > MD5 preimage attacks are pretty hard *today*. But switching to something
> > more secure in preparation for the day when MD5 will be easily cracked
> > by every script kiddo around is *not* overkill.
> 
> Sure, but to be honest, not even all packages managed to generate md5sums
> 'till now (with some quite core, omnipresent packages missing) so it seems out
> of scope for squeeze.  Maybe squeeze+1.

True but debsums can address these issues by system administrator
touch-ups as documented in manpage using:

 * /etc/apt/apt.conf.d/90debsums (debsums >= 2.0.7)
 * debsums_init(8)               (debsums >= 2.0.34 @ 2007)

Osamu

Reply to:

Follow-Ups:
- Re: md5sums files
  - From: Joey Hess <joeyh@debian.org>

References:
- md5sums files
  - From: Wouter Verhelst <wouter@debian.org>
- Re: md5sums files
  - From: Russ Allbery <rra@debian.org>
- Re: md5sums files
  - From: Erik de Castro Lopo <erikd@mega-nerd.com>
- Re: md5sums files
  - From: Wouter Verhelst <wouter@debian.org>
- Re: md5sums files
  - From: Philipp Kern <trash@philkern.de>

Prev by Date: Re: md5sums files
Next by Date: Re: md5sums files
Previous by thread: Re: md5sums files
Next by thread: Re: md5sums files
Index(es):
- Date
- Thread