Bug#268658: Might be crowded ...
On Fri, Sep 10, 2004 at 05:35:57PM -0400, Simon Law wrote:
> Why don't you drop MD5 hashing? It's become cryptographically possible
> to generate a collision [1] on a known MD5 hash, so one can assume that
> a determined attacker will try very hard to find one, if someone relies
> on it.
My understanding on the collisions was that the new shortcut allowed
a pair of inputs to be constructed to have a hash collision - rather
than the more useful 'construct another file to hash as well as an
existing one' attack.
Whilst I agree that long-term SHA1 / SHA256 / etc. would be the
preferred hashing algorithms to use, we do currently ship MD5 sums
in our package files, so if we're looking to allow a Debian user
to validate their packages this is what we must support.
Adding SHA-1 into the mix may well be useful for some of the
tools such as AIDE which might support it too, but honestly if
we chose one hash it would have to be MD5 for the legacy support.
(It would be interesting to allow a user to submit a hash and
return the binary which it matched too, but mostly I'm assuming that
end users, if they use it at all, will use it the other way round).
Steve
--
# The Debian Security Audit Project.
http://www.debian.org/security/audit
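As an added illustration of the point Steve makes about validating packages against the sums shipped in the Packages index (this is example code written for this page, not code from the audit project or from any Debian tool), the script below parses a constructed Packages-style stanza and compares a file against every digest the stanza carries. The field names MD5sum, SHA1 and SHA256 are the ones Debian index files use; the package contents, the package name and the digest values are constructed here. The design choice is that all digests present must match: a legacy index carrying only MD5sum still validates, but where SHA1/SHA256 are also present an attacker would have to satisfy all three at once, which is a far harder problem than finding one MD5 collision pair.

```python
import hashlib

# Constructed sample package body (not a real .deb); its digests are
# computed below rather than copied from any real repository.
SAMPLE_DEB = b"!<arch>\n" + b"constructed package contents for the example\n" * 8

DIGEST_FIELDS = ("MD5sum", "SHA1", "SHA256")


def digests(data):
    """Return the digests a Packages index can carry for a file."""
    return {
        "MD5sum": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
    }


def build_stanza(data, with_sha=True):
    """Build a constructed Packages-style stanza for the given file body.
    with_sha=False models a legacy index that ships only MD5 sums."""
    d = digests(data)
    lines = [
        "Package: example",                       # constructed name
        "Version: 0.1-1",
        "Filename: pool/main/e/example_0.1-1_all.deb",
        "Size: %d" % len(data),
        "MD5sum: %s" % d["MD5sum"],
    ]
    if with_sha:
        lines.append("SHA1: %s" % d["SHA1"])
        lines.append("SHA256: %s" % d["SHA256"])
    return "\n".join(lines) + "\n"


def parse_stanza(text):
    """Parse the 'Field: value' lines of one stanza into a dict.
    Continuation lines (leading space) belong to the previous field and are
    ignored here because none of the digest fields use them."""
    fields = {}
    for line in text.splitlines():
        if line.startswith(" ") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def verify(data, fields):
    """Check a file body against every digest field present in the stanza.
    Returns (ok, mismatched_fields). ok is False when no digest field is
    present at all, so an index stripped of its sums cannot validate."""
    actual = digests(data)
    checked = [name for name in DIGEST_FIELDS if name in fields]
    bad = [name for name in checked if fields[name].lower() != actual[name]]
    return (len(checked) > 0 and not bad), bad


if __name__ == "__main__":
    stanza = parse_stanza(build_stanza(SAMPLE_DEB))
    print("untouched file:", verify(SAMPLE_DEB, stanza))
    print("tampered file: ", verify(SAMPLE_DEB + b"x", stanza))
    legacy = parse_stanza(build_stanza(SAMPLE_DEB, with_sha=False))
    print("MD5-only index:", verify(SAMPLE_DEB, legacy))
```

Running the script prints a passing result for the untouched file, a failure naming all three digests for the tampered copy, and a pass for the MD5-only index, which is the legacy case the thread is concerned with.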