[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] Re: MD5 is broken
|
From: |
Bruce Stephens |
|
Subject: |
Re: [Gnu-arch-users] Re: MD5 is broken |
|
Date: |
Wed, 16 Mar 2005 19:54:53 +0000 |
|
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux) |
Ivan Boldyrev <address@hidden> writes:
[...]
> When you sign a patch, you just sign ./checksum file. But this file
> is list of filenames and md5sums:
Ah. I assumed it was signing a patch, but I guess that wouldn't be as
useful as signing the actual contents of what you end up with after
applying the patch.
But that still means that the collisions would have to be in the
actual contents of individual files. For most applications, I'd guess
the opportunities for constructing usefully different pairs of files
with collisions would be fairly limited.
Not that md5 shouldn't be substituted (indeed, I'm surprised it was
used in the first place; are there common platforms where md5sum
exists but sha1sum doesn't?), but I'm unconvinced that it's a
significant risk.
- Re: [Gnu-arch-users] Re: MD5 is broken, (continued)
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Adrian Irving-Beer, 2005/03/17
- Re: [Gnu-arch-users] Re: MD5 is broken, Jan Hudec, 2005/03/17
- Re: [Gnu-arch-users] Re: MD5 is broken, Tom Lord, 2005/03/21
- Re: [Gnu-arch-users] Re: MD5 is broken, James Blackwell, 2005/03/21
- Re: [Gnu-arch-users] Re: MD5 is broken, Andrew Suffield, 2005/03/17
- Re: [Gnu-arch-users] Re: MD5 is broken, Matthew Dempsky, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Bruce Stephens, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Jan Hudec, 2005/03/16
- [Gnu-arch-users] Re: MD5 is broken, Ivan Boldyrev, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken,
Bruce Stephens <=
- Re: [Gnu-arch-users] Re: MD5 is broken, Jan Hudec, 2005/03/17