On Fri, 2012-10-12 at 09:17 +0200, Bernhard R. Link wrote: > There is a disadvantage of having longer hashsums, thus making it harder > for people to compare. The only reason that for those md5 is optimal and > not crc32 is that there is only one md5 and there is a nice always > available tool to compute it, so people can compare it more easy. Do you think it often happens that people compare this manually? I doubt... even for MD5,... cause whenever it goes above a few files, it gets a pain with MD5, too. And the tools for the newer alogs (well at least SHA2) are also quite widespread now. > Everything doing something like that can also create those sha2 sums on > their own and use them. Using the debsums system (which has no security > part at all) will only weaken security. Well one argument would be, that these hashes are already created and "automatically" maintained... > So I think what you say is an > argument for keeping md5sum, so that noone think they can use that > information for security. Wheter that works?! ;-)
Attachment:
smime.p7s
Description: S/MIME cryptographic signature