[Gnu-arch-users] Re: MD5 is broken


From: Ivan Boldyrev
Subject: [Gnu-arch-users] Re: MD5 is broken
Date: Wed, 16 Mar 2005 20:03:32 +0600
User-agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.4 (gnu/linux)

On 9050 day of my life Bruce Stephens wrote:
> Anyway, hashes in Arch are about detecting unexpected modifications
> due to random breakage.  If you really care about patches you'd sign
> them, wouldn't you?

When you sign a patch, you just sign the ./checksum file.  But this file
is a list of filenames and md5sums:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Signature-for: address@hidden/bla--main--0.1--patch-2
md5 log 3789ad2ea92692b300d67c26fc400fce
md5 bla--main--0.1--patch-2.patches.tar.gz 0d560b2d653d6602321a3be52615b01b
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

IEUEARECAAYFAKICKX8ACGKQ4RMSJ66VBHFYUGCWIWCYMIAJWHTKGVW61MKQCS+N
=82/m
-----END PGP SIGNATURE-----

So, patches are not signed directly.  And MD5 is the weakest link in the
chain.

-- 
Ivan Boldyrev

                        Today is the first day of the rest of your life.

Attachment: pgpv9Tvxqv6lP.pgp
Description: PGP signature
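
Added example (not part of the original message and not code from GNU Arch): a Python sketch that parses a signed checksum body like the one quoted above and checks files against it, marking any file whose only tie to the signature is a collision-weak digest. The sample names and contents are constructed, the PGP signature is assumed to have been verified separately with GnuPG, and accepting algorithm names other than md5 is an assumption.

```python
import hashlib

# Digests with practical collision attacks: a signature over the list is
# only as strong as the digest that ties each file to that list.
COLLISION_WEAK = {"md5", "sha1"}

def parse_checksum_body(text):
    """Parse 'Signature-for: <rev>' plus '<algo> <name> <hex>' lines."""
    revision, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("Signature-for:"):
            revision = line.split(":", 1)[1].strip()
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError("malformed checksum line: %r" % line)
        entries.append((parts[0].lower(), parts[1], parts[2].lower()))
    return revision, entries

def audit(text, files):
    """Map each listed name to missing / mismatch / match-weak-digest / match."""
    _, entries = parse_checksum_body(text)
    report = {}
    for algo, name, expected in entries:
        if name not in files:
            status = "missing"
        elif hashlib.new(algo, files[name]).hexdigest() != expected:
            status = "mismatch"
        elif algo in COLLISION_WEAK:
            status = "match-weak-digest"
        else:
            status = "match"
        prev = report.get(name)
        if prev in ("missing", "mismatch"):
            continue  # a failure on any line is final
        if prev is None or status != "match-weak-digest":
            report[name] = status  # failures and strong matches override
    return report

# Constructed sample data, not taken from a real archive.
SAMPLE_FILES = {
    "log": b"Summary: constructed log\n",
    "demo--main--0.1--patch-2.patches.tar.gz": b"constructed tarball bytes",
}
SAMPLE_BODY = "Signature-for: someone@example.org--2005/demo--main--0.1--patch-2\n" + "".join(
    "md5 %s %s\n" % (n, hashlib.md5(d).hexdigest()) for n, d in SAMPLE_FILES.items())

if __name__ == "__main__":
    print(audit(SAMPLE_BODY, SAMPLE_FILES))
```

A "match-weak-digest" result means the file agrees with the signed list, but the signature reaches the file contents only through MD5, which is the point made in the message above.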

