Re: [Gnu-arch-users] Re: MD5 is broken

[Andrew Suffield]

On Wed, Mar 16, 2005 at 07:57:15PM +0100, Karel Gardas wrote:
> On Wed, 16 Mar 2005, Andrew Suffield wrote:
> 
> > On Wed, Mar 16, 2005 at 12:46:28PM +0100, Karel Gardas wrote:
> > > Sorry! That's just my short-cut of the whole problem. As I've already
> > > written I don't agree fully with Ivan's statements, but this does not
> > > change anything on the fact that MD5 is broken.
> >
> > MD5 is not broken. That's a myth. Stop spreading it.
> 
> Perhaps `MD5 is broken' is not the best description of the problem, but
> let say `MD5 is not collision free'. Is this better for you? i.e. there is
> a possibility to find two values which hash to the same hash without using
> brute force attack.

That is the case for all known hashing algorithms. Uninteresting distinction.

> > > Yes, I agree, but combining two hashes from which one is considered broken
> > > and one is considered weak these days is IMHO less secure than using one
> > > hash which is considered secure.
> >
> > Your opinion is stupid and wrong, and there are no hashes which are
> > 'considered secure' anyway.
> 
> 'considered secure' means 'considered more secure than X' in this context.
> Anyway, thanks for your polite `Your opinion is stupid and wrong'. I've
> just thought that as a long time Arch user I can spread some of my fears
> with more broader Arch community and I hope such possibility will be
> preserved in the future.

Please don't, people are stupid enough already. This kind of nonsense,
and complete absence of logic, is unproductive and unwelcome.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |

signature.asc
Description: Digital signature