Bug#268658: Might be crowded ...
On Wed, Sep 08, 2004 at 11:48:45PM +0100, Steve Kemp wrote:
> If we're already going to go to the effort of hashing every
> single file in the archive for MD5 ignoring SHA1 seems like
> false economy.
Why don't you drop MD5 hashing? It's become cryptographically possible
to generate a collision [1] on a known MD5 hash, so one can assume that
a determined attacker will try very hard to find one, if someone relies
on it.
So if there's too much output, you might as well only use SHA-1.
Simon
[1] http://eprint.iacr.org/2004/199.pdf