* Peter Samuelson <peter@p12n.org>, 2010-03-09, 08:21:
[Frank Lin PIAT]Why is that everyone seems to move away from MD5?That's the $64000 question, isn't it? There seems to be this knee-jerk reaction to all things md5, "OH NOES, MD5 is broken! Therefore it must be replaced in every possible use, never mind whether any particular use has anything to do with malicious attackers." Strange that rsync seems to have escaped this madness, nobody has been frantically calling for it to migrate to something more "up to date" than MD4. Which, IIRC, is just as "broken". I guess the masses must have realized, in a way they usually do not, that sometimes an integrity check is just an integrity check.
FYI:
$ zgrep MD5 /usr/share/doc/rsync/changelog.gz
- Protocol 30 now uses MD5 checksums instead of MD4.
That said, I totally agree with you.
--
Jakub Wilk
Attachment:
signature.asc
Description: Digital signature