bug-fileutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ANNOUNCE] GNU fileutils 4.1


From: Paul Eggert
Subject: Re: [ANNOUNCE] GNU fileutils 4.1
Date: Thu, 24 May 2001 10:12:45 -0700 (PDT)

> Date: Thu, 24 May 2001 08:33:00 -0700
> From: cyrus <address@hidden>
>
> Defending a one-off shell script in court is going to be much
> trickier than defending a utility that ships with every GNU-based
> operating system.

In that case, you may need a utility of your own.  "dd" is not really
designed to be defended in court.  It contains several features that
are not relevant to this application, e.g. conversion from ASCII to
EBCDIC.  You might better off adding the few features you need to
"md5sum", or designing a minimal utility of your own and using that.

By the way, do you know that the name "dd" is a joke?  It's a pun,
taken from OS/360 JCL command language.  That explains why it uses its
own weird option syntax, rather than the standard option syntax used
in other utilities.  (Do you really want to defend a weird joke
program in court?  I'm sure the other side would love to tell the
judge about the joke.  :-)

Also, if your goal is to defend the code in court, I don't know why
you're using MD5 checksums.  My impression was that Hans Dobbertin's
work on MD5 leaves it pretty close to toast.  And even aside from
Dobbertin's work, these days one could even brute-force MD5 if one
were determined enough: van Oorschot and Wiener estimated in 1994 that
for only $10 million they could build an MD5-cracker based on
exhaustive search, and the cost would be a small fraction of that
these days.

The OpenBSD 2.8 man page for MD5 says "MD2 and MD5 are recommended
only for compatibility with existing applications. In new
applications, SHA-1 or RIPEMD-160 should be preferred."  This seems
like a reasonable recommendation to me.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]