[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Non-identical files with identical md5sums on Debian systems?

On Mon, Aug 05, 2013 at 02:15:41PM +0100, Ian Jackson wrote:
> Russ Allbery writes ("Re: Non-identical files with identical md5sums on Debian systems?"):
> > Unless you have a collection of MD5 collision attacks, or have installed a
> > package that includes a sample MD5 collision, [...]
> For the sake of sanity of our (still) MD5-based tools, I hope that
> no-one uploads into our archive a package with an example MD5
> collision.  (Unless the colliding files are wrapped up somehow, to
> protect our infrastructure from any untoward behaviour.)

What in our infrastructure would break on an MD5 collision anyway? The closest
thing I could think of is dedup.debian.net, but that appears to use SHA512.

Kind regards,
Loong Jin

Attachment: signature.asc
Description: Digital signature

Reply to: