Re: Time to replace MD5?

To: Henrique de Moraes Holschuh <hmh@debian.org>, Florian Weimer <fw@deneb.enyo.de>, Touko Korpela <tkorpela@phnet.fi>, debian-security@lists.debian.org
Subject: Re: Time to replace MD5?
From: "Giacomo A. Catenazzi" <cate@debian.org>
Date: Wed, 13 Jun 2007 17:12:17 +0200
Message-id: <[🔎] 46700951.3020500@debian.org>
In-reply-to: <[🔎] 20070613134217.GA17120@glandium.org>
References: <[🔎] 20070612204123.GA2403@norsu.vuoristo.local> <[🔎] 20070612210425.GA7227@khazad-dum.debian.net> <[🔎] 87ir9stg7z.fsf@mid.deneb.enyo.de> <[🔎] 20070613133726.GA22085@khazad-dum.debian.net> <[🔎] 20070613134217.GA17120@glandium.org>

Mike Hommey wrote:

On Wed, Jun 13, 2007 at 10:37:26AM -0300, Henrique de Moraes Holschuh <hmh@debian.org> wrote:

On Wed, 13 Jun 2007, Florian Weimer wrote:
On Tue, 12 Jun 2007, Touko Korpela wrote:
Debian Security Advisories currently contain MD5 checksums. As MD5 is nolonger strong enough, maybe it should be replaced by SHA1 or SHA256?
When combined with size information
Size information doesn't buy you that much.
When we are talking about a binary blob that matches the *same* md5sum? Yes,
it does.  Causing a MD5 colision with a message of the same size is far more
difficult.


Especially when it has to be a valid .deb file (which means an ar archive of
2 correctly gzipped tar files)


But did somebody check if dpkg handle correctly (error) if there
are extra data after a gz or at the end of a dpkg?

ciao
	cate

Reply to:

References:
- Time to replace MD5?
  - From: Touko Korpela <tkorpela@phnet.fi>
- Re: Time to replace MD5?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Time to replace MD5?
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Time to replace MD5?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Time to replace MD5?
  - From: Mike Hommey <mh@glandium.org>

Prev by Date: Re: Time to replace MD5?
Next by Date: Re: Time to replace MD5?
Previous by thread: Re: Time to replace MD5?
Next by thread: Re: Time to replace MD5?
Index(es):
- Date
- Thread