Bug#268658: Might be crowded ...

To: 268658@bugs.debian.org
Subject: Bug#268658: Might be crowded ...
From: Simon Law <sfllaw@debian.org>
Date: Fri, 10 Sep 2004 17:35:57 -0400
Message-id: <[🔎] 20040910213557.GI27417@law.yi.org>
Reply-to: Simon Law <sfllaw@debian.org>, 268658@bugs.debian.org
In-reply-to: <[🔎] 20040908224845.GA21341@steve.org.uk>
References: <[🔎] 20040908224845.GA21341@steve.org.uk>

On Wed, Sep 08, 2004 at 11:48:45PM +0100, Steve Kemp wrote:
>   If we're already going to go to the effort of hashing every
>  single file in the archive for MD5 ignoring SHA1 seems like
>  false economy.

Why don't you drop MD5 hashing?  It's become cryptographically possible
to generate a collision [1] on a known MD5 hash, so one can assume that
a determined attacker will try very hard to find one, if someone relies
on it.

So if there's too much output, you might as well only use SHA-1.

Simon

[1] http://eprint.iacr.org/2004/199.pdf

Reply to:

Follow-Ups:
- Bug#268658: Might be crowded ...
  - From: Steve Kemp <skx@debian.org>

References:
- Bug#268658: Might be crowded ...
  - From: Steve Kemp <skx@debian.org>

Prev by Date: broken link
Next by Date: Your Card Debt can be wipe clean
Previous by thread: Bug#268658: Might be crowded ...
Next by thread: Bug#268658: Might be crowded ...
Index(es):
- Date
- Thread