[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] SHA1 sums for checksums file
From: |
Florian Weimer |
Subject: |
Re: [Gnu-arch-users] SHA1 sums for checksums file |
Date: |
Tue, 6 Jan 2004 17:56:13 +0100 |
User-agent: |
Mutt/1.5.4i |
Tom Lord wrote:
> (Assuming I do merge in SHA1 support, then) I don't mind leaving md5.c
> linked in. Is your opinion that md5 security is _so_ bad that
> revisions currently using it should be changes? Or would it be
> enough to just use sha1 on new revisions?
The design decisions behind SHA (and thus SHA-1) have never been made
public. It is, however, based on MD4 (like MD5), but uses other methods
than MD5 to counter the (theoretical) attacks that were published for
MD4.
Dobbertin has subsequently shown that attacks equivalent to those on MD4
(which was generally considered insecure, although the known attacks are
just theoretical) are possible on MD5. Therefore, you probably should
view MD5 as a suboptimal choice (but not dangerously wrong).
My feeling is that you shouldn't introduce MD5 for new protocols and
applications, and use SHA-1 instead, even though MD5 is about twice as
fast as SHA-1.
- [Gnu-arch-users] SHA1 sums for checksums file, Colin Walters, 2004/01/06
- Re: [Gnu-arch-users] SHA1 sums for checksums file, Thomas Zander, 2004/01/06
- Re: [Gnu-arch-users] SHA1 sums for checksums file, Karel Gardas, 2004/01/06
- Re: [Gnu-arch-users] SHA1 sums for checksums file, Tom Lord, 2004/01/06
- Re: [Gnu-arch-users] SHA1 sums for checksums file,
Florian Weimer <=
- Re: [Gnu-arch-users] SHA1 sums for checksums file, Colin Walters, 2004/01/06
- [Gnu-arch-users] Re: SHA1 sums for checksums file, Neil Stevens, 2004/01/06
- Re: [Gnu-arch-users] Re: SHA1 sums for checksums file, Colin Walters, 2004/01/06
- [Gnu-arch-users] Re: SHA1 sums for checksums file, Neil Stevens, 2004/01/06
- Re: [Gnu-arch-users] Re: SHA1 sums for checksums file, Tom Lord, 2004/01/06
- [Gnu-arch-users] Re: SHA1 sums for checksums file, Neil Stevens, 2004/01/06
Re: [Gnu-arch-users] SHA1 sums for checksums file, Andrew Suffield, 2004/01/06