
Bug#268658: Might be crowded ...



On Fri, Sep 10, 2004 at 05:35:57PM -0400, Simon Law wrote:

> Why don't you drop MD5 hashing?  It's become cryptographically possible
> to generate a collision [1] on a known MD5 hash, so one can assume that
> a determined attacker will try very hard to find one, if someone relies
> on it.

  My understanding on the collisions was that the new shortcut allowed
 a pair of inputs to be constructed to have a hash collision - rather
 than the more useful 'construct another file to hash as well as an
 existing one' attack.

  Whilst I agree that long-term SHA1 / SHA256 / etc. would be the
 preferred hashing algorithms to use, we do currently ship MD5 sums
 in our package files, so if we're looking to allow a Debian user
 to validate their packages this is what we must support.

  Adding SHA-1 into the mix may well be useful for some of the
 tools such as AIDE which might support it too, but honestly if
 we chose one hash it would have to be MD5 for the legacy support.

  (It would be interesting to allow a user to submit a hash and
 return the binary which it matched too, but mostly I'm assuming that
 end users, if they use it at all, will use it the other way round).

Steve
--
# The Debian Security Audit Project.
http://www.debian.org/security/audit
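An added illustration of the two points in Steve's reply, not code from this thread or from any Debian tool: a verifier that reads a Packages-style stanza (the real field names `Package`, `Filename`, `MD5sum`, `SHA1` and `SHA256` are used), checks a file against the strongest digest the index carries and falls back to MD5 only when nothing stronger is listed, plus the "submit a hash, get the package name" reverse lookup from the last paragraph. The package payload and the second stanza are constructed; their digests are computed at import time so the sample is self-consistent.

```python
import hashlib
from typing import Dict, List, Optional

# Constructed sample payload standing in for a .deb; not a real package.
PKG_BYTES = b"constructed package payload, not a real .deb\n"
OTHER_BYTES = b"second constructed payload\n"


def _stanza(name: str, data: bytes) -> str:
    """Build a Packages-style stanza whose digests match `data` (constructed sample)."""
    return "\n".join([
        f"Package: {name}",
        "Version: 1.0-1",
        f"Filename: pool/main/{name[0]}/{name}/{name}_1.0-1_i386.deb",
        f"Size: {len(data)}",
        f"MD5sum: {hashlib.md5(data).hexdigest()}",
        f"SHA1: {hashlib.sha1(data).hexdigest()}",
        f"SHA256: {hashlib.sha256(data).hexdigest()}",
    ])


# Constructed two-stanza index in the layout of a Debian Packages file.
PACKAGES_INDEX = "\n\n".join([_stanza("foo", PKG_BYTES),
                              _stanza("bar", OTHER_BYTES)]) + "\n"

# Index field -> hashlib name, strongest first. Only the strongest field
# present is decisive; MD5sum is consulted solely as the legacy fallback.
DIGEST_FIELDS = [("SHA256", "sha256"), ("SHA1", "sha1"), ("MD5sum", "md5")]


def parse_packages(text: str) -> List[Dict[str, str]]:
    """Split blank-line-separated 'Key: value' stanzas into dicts."""
    stanzas: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                stanzas.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas


def verify_package(data: bytes, stanza: Dict[str, str]) -> Optional[str]:
    """Return the name of the digest field used to accept `data`, or None.

    The strongest field present in the stanza decides: a matching MD5sum
    cannot rescue a package whose SHA256 field mismatches, and MD5 is only
    used when the index carries nothing stronger (the legacy case).
    """
    for field, algo in DIGEST_FIELDS:
        expected = stanza.get(field)
        if expected is None:
            continue
        actual = hashlib.new(algo, data).hexdigest()
        return field if actual == expected.lower() else None
    return None  # no digest field at all: nothing to verify against


def build_hash_index(stanzas: List[Dict[str, str]]) -> Dict[str, str]:
    """Reverse map hex digest -> package name, for hash-to-binary lookups."""
    index: Dict[str, str] = {}
    for st in stanzas:
        for field, _ in DIGEST_FIELDS:
            if field in st:
                index[st[field].lower()] = st["Package"]
    return index


def lookup_hash(index: Dict[str, str], hexdigest: str) -> Optional[str]:
    """Answer 'which package has this digest?' for any algorithm in the index."""
    return index.get(hexdigest.strip().lower())


if __name__ == "__main__":
    stanzas = parse_packages(PACKAGES_INDEX)
    print("foo verified via:", verify_package(PKG_BYTES, stanzas[0]))
    print("tampered foo:", verify_package(b"tampered", stanzas[0]))
    idx = build_hash_index(stanzas)
    print("lookup MD5 of foo:", lookup_hash(idx, stanzas[0]["MD5sum"]))
```

The policy choice worth noting is in `verify_package`: it does not require every listed digest to match, nor does it accept a package because any one of them matches. It takes the strongest digest the index offers, so an index that ships only `MD5sum` still verifies (the legacy support Steve describes), while one that also carries `SHA256` is judged by that field alone.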



