[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Fri, 2012-10-12 at 13:10 +0200, David Kalnischkies wrote:
> Oh, and there is "Description-md5". I can't imagine a scenario in which it
> would be useful to change the English description of a package for an attack
> (which you want to hide by displaying the translations of the not modified
> version)

I cannot think of any either, well at lest not of anything, for which a
plain collision would be enough,...

But it's a general security paradigm, that one shouldn't just focus on
the attack vectors one can think of... but rather trying to secure
"everything" ;)


Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply to: