On Tuesday 12 June 2007 22.41:23 Touko Korpela wrote: > Debian Security Advisories currently contain MD5 checksums. As MD5 is no > longer strong enough, maybe it should be replaced by SHA1 or SHA256? Strong enough for what? You can get an md5 collision quite easily, but is 2nd preimage also broken? Note that you'd not only need a 2nd preimage for a given .deb, but the resulting file also needs to have the same size as the original and be a valid deb package. quite a lot of conditions there. cheers -- vbi -- OpenPGP encrypted mail welcome - my key: http://fortytwo.ch/gpg/92082481
Attachment:
signature.asc
Description: This is a digitally signed message part.