
Re: Time to replace MD5?



* Steffen Schulz:

> If for whatever reason people get untrustworthy, it would be nice to
> know as soon as possible, no? Government, Money, ..

Well, in this case, you're barking up the wrong tree.  What you really
want is some kind of audit trail, which might increase confidence in
the integrity of the package creation process.  A chain of
cryptographic hashes which is put in place at the very end of that
process is *not* an audit trail.  It only secures distribution across
the mirror network, and MD5 is currently good enough for that.

Using SHA-384 for this purpose might even give a wrong sense of
security.

> And again, this is just one attack vector. To check the impact and
> list the mitigating factors sure is good for employment. Security
> design is something else.

Security design is mostly about risk analysis.  If you built security
in from the start, it's unlikely your system will ever make it to the
point where you see actual attacks (which means, in most systems:
fraud).


