Re: Bug#540215: Introduce dh_checksums
> On Mon, 2010-03-08 at 12:59 -0800, Russ Allbery wrote:
> > If we take option 2, SHA256 offers no benefits over MD5 and just takes
> > longer to compute.
[Frank Lin PIAT]
> Why is that everyone seems to move away from MD5?
That's the $64000 question, isn't it? There seems to be this knee-jerk
reaction to all things md5, "OH NOES, MD5 is broken! Therefore it must
be replaced in every possible use, never mind whether any particular
use has anything to do with malicious attackers."
Strange that rsync seems to have escaped this madness, nobody has been
frantically calling for it to migrate to something more "up to date"
than MD4. Which, IIRC, is just as "broken". I guess the masses must
have realized, in a way they usually do not, that sometimes an
integrity check is just an integrity check.
Peter Samuelson | org-tld!p12n!peter | http://p12n.org/