On Fri, Sep 10, 2004 at 05:35:57PM -0400, Simon Law wrote:
> Why don't you drop MD5 hashing? It's become cryptographically possible
> to generate a collision [1] on a known MD5 hash, so one can assume that
> a determined attacker will try very hard to find one, if someone relies
> on it.
My understanding of the collisions was that the new shortcut allowed a pair of inputs to be constructed to have a hash collision, rather than the more useful 'construct another file to hash as well as an existing one' attack.

Whilst I agree that in the long term SHA1 / SHA256 / etc. would be the preferred hashing algorithms to use, we do currently ship MD5 sums in our package files, so if we're looking to allow a Debian user to validate their packages this is what we must support. Adding SHA-1 into the mix may well be useful for some of the tools such as AIDE which might support it too, but honestly if we chose one hash it would have to be MD5 for the legacy support.

(It would be interesting to allow a user to submit a hash and return the binary which it matched too, but mostly I'm assuming that end users, if they use it at all, will use it the other way round.)

Steve
--
# The Debian Security Audit Project.
http://www.debian.org/security/audit
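The verification Steve describes (check a package against the digest fields shipped in the index, and optionally go the other way from a digest to a filename) looks roughly like the following. This is an added example, not Debian's or the Audit Project's own tooling; the index text is constructed for the demo, and the `MD5sum` / `SHA1` / `SHA256` field names follow the Packages-file convention but the stanzas here are invented. The check also carries the caveat from the thread: a match on MD5 alone is reported as weak, because an MD5-only match cannot rule out a substituted file built from a colliding pair, whereas a mismatch on any present digest is a hard failure.

```python
"""Verify files against the digest fields of a Debian Packages-style index.

Added example, not Debian's own tooling.  The index text below is
constructed for the demo; real Packages files use the same "Field: value"
stanza layout but carry many more fields.
"""
import hashlib

# Constructed sample index: one legacy stanza carrying only MD5sum, and one
# stanza carrying MD5sum, SHA1 and SHA256.  The digests are those of the
# byte strings b"abc" and b"" respectively, so the demo needs no real .deb.
SAMPLE_INDEX = """\
Package: legacy-pkg
Filename: pool/main/l/legacy-pkg_1.0_all.deb
MD5sum: 900150983cd24fb0d6963f7d28e17f72

Package: modern-pkg
Filename: pool/main/m/modern-pkg_2.0_all.deb
MD5sum: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

# Index field name -> hashlib algorithm name, weakest first.
DIGEST_FIELDS = {"MD5sum": "md5", "SHA1": "sha1", "SHA256": "sha256"}
# Only a match on one of these counts as a strong verification.
STRONG_FIELDS = {"SHA256"}


def parse_index(text):
    """Split a Packages-style index into a list of {field: value} stanzas."""
    stanzas, current = [], {}
    for line in text.splitlines():
        if not line.strip():          # blank line ends a stanza
            if current:
                stanzas.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas


def file_digests(data):
    """Compute every digest the index might carry, keyed by index field name."""
    return {field: hashlib.new(alg, data).hexdigest()
            for field, alg in DIGEST_FIELDS.items()}


def verify(data, stanza):
    """Check data against every digest field the stanza carries.

    Returns (ok, detail).  ok is True only if at least one digest is present
    and every present digest matches.  detail["weak"] is True when nothing
    stronger than MD5/SHA1 matched, i.e. the result does not rule out a
    collision-based substitution.
    """
    actual = file_digests(data)
    matched, mismatched = [], []
    for field in DIGEST_FIELDS:
        expected = stanza.get(field)
        if expected is None:
            continue
        (matched if expected.lower() == actual[field] else mismatched).append(field)
    detail = {
        "matched": matched,
        "mismatched": mismatched,
        "weak": not any(f in STRONG_FIELDS for f in matched),
    }
    return (not mismatched and bool(matched)), detail


def lookup_by_digest(hexdigest, stanzas):
    """Reverse direction: which index entries carry this digest under any field?"""
    wanted = hexdigest.strip().lower()
    return [s["Filename"] for s in stanzas
            if any(s.get(f, "").lower() == wanted for f in DIGEST_FIELDS)]


if __name__ == "__main__":
    index = parse_index(SAMPLE_INDEX)
    for stanza, data in zip(index, [b"abc", b""]):
        ok, detail = verify(data, stanza)
        print(stanza["Package"], "ok" if ok else "MISMATCH", detail)
    print(lookup_by_digest("D41D8CD98F00B204E9800998ECF8427E", index))
```

Checking every digest the index carries rather than just one means an attacker must defeat all of them at once; with today's indexes that is MD5 only, which is exactly why the result is flagged weak when no SHA256 field was available to compare against.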