[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5sums files

On Wed, 2010-03-03 at 11:37 +0000, Philipp Kern wrote:
> On 2010-03-03, Wouter Verhelst <wouter@debian.org> wrote:
> > This is where I disagree. When a checksum algorithm is compromised (and
> > MD5 *is* compromised), things only ever get worse, not better. Indeed,
> > MD5 preimage attacks are pretty hard *today*. But switching to something
> > more secure in preparation for the day when MD5 will be easily cracked
> > by every script kiddo around is *not* overkill.
> Sure, but to be honest, not even all packages managed to generate md5sums
> 'till now (with some quite core, omnipresent packages missing) so it seems out
> of scope for squeeze.  Maybe squeeze+1.

What about a transitional dh_md5sums that would produce md5sum AND
invoke dh_sha ?


Reply to: