Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

To: debian-devel@lists.debian.org
Subject: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
From: Wouter Verhelst <wouter@debian.org>
Date: Sat, 13 Oct 2012 10:56:25 +0200
Message-id: <[🔎] 20121013085625.GF4766@grep.be>
In-reply-to: <[🔎] 20121012071732.GA4094@client.brlink.eu>
References: <[🔎] 1349911198.3341.117.camel@fermat.scientia.net> <[🔎] 20121011163521.GC4151@p12n.org> <[🔎] 1349977131.3370.29.camel@fermat.scientia.net> <[🔎] 20121012071732.GA4094@client.brlink.eu>

On Fri, Oct 12, 2012 at 09:17:32AM +0200, Bernhard R. Link wrote:
> part at all) will only weaken security. So I think what you say is an
> argument for keeping md5sum, so that noone think they can use that
> information for security.

This argument is based on the incorrect assumption that everyone in the
world knows md5 is broken.

(Heck, I'm sure I can find people who don't know that parity checks are
not a security measure, yet who think they know about security, if I
search good enough)

-- 
Copyshops should do vouchers. So that next time some bureaucracy requires you
to mail a form in triplicate, you can mail it just once, add a voucher, and
save on postage.

Reply to:

Follow-Ups:
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: "Bernhard R. Link" <brlink@debian.org>

References:
- Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Peter Samuelson <peter@p12n.org>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: "Bernhard R. Link" <brlink@debian.org>

Prev by Date: Re: (seemingly) declinging bug report numbers
Next by Date: Re: Bug#690183: ITP: apt-fast -- shellscript wrapper for apt-get or aptitude
Previous by thread: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
Next by thread: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
Index(es):
- Date
- Thread