Re: [Gnu-arch-users] SHA1 sums for checksums file


From: Andrew Suffield
Subject: Re: [Gnu-arch-users] SHA1 sums for checksums file
Date: Wed, 7 Jan 2004 02:00:12 +0000
User-agent: Mutt/1.5.4i

On Tue, Jan 06, 2004 at 05:52:49AM -0500, Colin Walters wrote:
> It came to my attention that tla was only including an MD5 sum of the
> data inside the checksums file.  MD5 is considered weak by many in the
> security community, especially if you don't also verify additional
> information such as the file size.
> 
> Some references:
> 
> ftp://ftp.rsasecurity.com/pub/pdfs/bulletn4.pdf
> http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
> http://www.nullify.org/openpgp.html

<sigh> That is not a clear and accurate summary of the current
situation.

MD5 has withstood years of cryptanalysis, and no meaningful, even
theoretically possible weaknesses have been found in it.

Seven years ago, a weakness was found in one particular component of
MD5. Since then, nobody has published any method by which this
weakness can be used to attack MD5 itself. MD5 is as strong as it has
always been.

RSA corp. no longer recommends the use of MD5 in new
applications. They do *not* recommend that you *avoid* MD5 (I can't
believe how many times I've seen people get that one backwards). They
merely believe that there are better choices; this is not least
because any 128-bit hash isn't going to last more than 10 years before
it becomes vulnerable to brute-force attacks. The NSA are even more
paranoid; they're already doing the preliminaries to migrate away from
SHA-1 (160-bit) to the larger SHA hashes (256+) for general government
use. That may or may not be based on something they know about SHA-1
that the rest of the world doesn't.

The various newer hashes (SHA, RIPEMD, etc.) are just that -
newer. They haven't withstood cryptanalysis for as long as MD5 has,
but there haven't been weaknesses found in any component of their
current versions. That doesn't really mean anything, other than that a
great many people are going to speculate a lot.

SHA has the added "Do you trust the NSA?" problem; they're almost
certainly the best cryptographers in the world, but they do not
usually act in the best interests of anybody but the US government.

Aside from the simple matter of hash size, none of the above is
appreciably useful when picking algorithms. That's kinda the
point. Regardless of the way that some people make decisions based on
some or all of these points.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |
