> On Mon, 2010-03-08 at 12:59 -0800, Russ Allbery wrote: > > If we take option 2, SHA256 offers no benefits over MD5 and just takes > > longer to compute.
[Frank Lin PIAT] > Why is that everyone seems to move away from MD5? That's the $64000 question, isn't it? There seems to be this knee-jerk reaction to all things md5, "OH NOES, MD5 is broken! Therefore it must be replaced in every possible use, never mind whether any particular use has anything to do with malicious attackers." Strange that rsync seems to have escaped this madness, nobody has been frantically calling for it to migrate to something more "up to date" than MD4. Which, IIRC, is just as "broken". I guess the masses must have realized, in a way they usually do not, that sometimes an integrity check is just an integrity check. -- Peter Samuelson | org-tld!p12n!peter | http://p12n.org/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100309142149.gp18...@p12n.org
