[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] SHA1 sums for checksums file
From: |
Colin Walters |
Subject: |
Re: [Gnu-arch-users] SHA1 sums for checksums file |
Date: |
Tue, 06 Jan 2004 15:29:53 -0500 |
On Tue, 2004-01-06 at 11:10, Tom Lord wrote:
> We should be able to eliminate that limitation, I think.
I have done so as of patch-2 in my archive:
address@hidden
tla
tla--mainline
tla--mainline--1.2
[...]
patch-2
fix some bugs, and only validate SHA1 checksums if available
[COMPATIBLE AGAIN]
> (Assuming I do merge in SHA1 support, then) I don't mind leaving md5.c
> linked in.
As I mentioned in the patch log, we *also* use MD5 sums.
> Is your opinion that md5 security is _so_ bad that
> revisions currently using it should be changes?
It's probably not critical. The attacks against MD5 found so far aren't
quite practical, but they're still close enough to give little
confidence that no such attack will be found.
> Or would it be
> enough to just use sha1 on new revisions?
I'd prefer to use both.
signature.asc
Description: This is a digitally signed message part
- [Gnu-arch-users] SHA1 sums for checksums file, Colin Walters, 2004/01/06
- Re: [Gnu-arch-users] SHA1 sums for checksums file, Thomas Zander, 2004/01/06
- Re: [Gnu-arch-users] SHA1 sums for checksums file, Karel Gardas, 2004/01/06
- Re: [Gnu-arch-users] SHA1 sums for checksums file, Tom Lord, 2004/01/06
- Re: [Gnu-arch-users] SHA1 sums for checksums file, Florian Weimer, 2004/01/06
- Re: [Gnu-arch-users] SHA1 sums for checksums file,
Colin Walters <=
- [Gnu-arch-users] Re: SHA1 sums for checksums file, Neil Stevens, 2004/01/06
- Re: [Gnu-arch-users] Re: SHA1 sums for checksums file, Colin Walters, 2004/01/06
- [Gnu-arch-users] Re: SHA1 sums for checksums file, Neil Stevens, 2004/01/06
- Re: [Gnu-arch-users] Re: SHA1 sums for checksums file, Tom Lord, 2004/01/06
- [Gnu-arch-users] Re: SHA1 sums for checksums file, Neil Stevens, 2004/01/06
Re: [Gnu-arch-users] SHA1 sums for checksums file, Andrew Suffield, 2004/01/06