Subject: Re: Checksum for packages
To: None <firstname.lastname@example.org>
From: Dominik Rothert <email@example.com>
Date: 12/20/2000 22:27:39
David Maxwell <firstname.lastname@example.org> wrote:
> On Wed, Dec 20, 2000 at 01:14:13PM +0100, Dominik Rothert wrote:
> > Why are we still using MD5?
> Generating collisions is 'tough', having them be a valid file, is
> 'hard', and doing that on demand for a file server you have compromised
> is 'unlikely'.
I agree with you, we are talking about a really rare situation, but it
is possible to get in, so we should think about it.
> It seems reasonable that we start creating checksum files with md5 AND
> SHA-1 hashes,
Yes, due to compatibility this is a good idea for the first time.
/* Dominik Rothert | email@example.com *
* A S T O R I T | http://www.astorit.com/ *
* Hohenzollernring 52 | fon +49-221-251440 *
* 50672 Cologne, Germany | fax +49-221-251443 */:wq!