Hi,

Bastian Blank wrote:
> I was not able to provide a real fix as I'm rather time constrained.

Don't worry, I'm prepared to write patches. But I wonder:

* is it okay to drop MD5 support, when implementing SHA256?
* must we fix this before the stretch release? or otherwise, would it be possible to make such a big change in a stable point release?

> However please provide this information, as I only found something with
> about 2^120 for preimage attacks on MD5, which is still not feasible in
> real life.

Last time I brought up the topic, that argument was given. But maybe it's the wrong approach to ask "are we *sure* MD5 is broken and we must replace it?". We need to make a prediction that lasts the supported lifetime of stretch (until 2022?); and some adversaries do not reveal their capabilities.

It's actually kind of bizarre that we've published SHA256 sums in the archive since 2007 and *still* don't use them here. I think there is a greater risk that we forget, or be too lazy, than we do this 'too soon'.

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org