Hi,

Bastian Blank wrote:
> I was not able to provide a real fix as I'm rather time constrained.

Don't worry, I'm prepared to write patches.  But I wonder:

  * is it okay to drop MD5 support, when implementing SHA256?
  * must we fix this before the stretch release?  or otherwise, would it
    be possible to make such a big change in a stable point release?

> However please provide this information, as I only found something with
> about 2^120 for preimage attacks on MD5, which is still not feasible in
> real life.

Last time I brought up the topic, that argument was given.

But maybe it's the wrong approach to ask "are we *sure* MD5 is broken
and we must replace it?".  We need to make a prediction that lasts the
supported lifetime of stretch (until 2022?);  and some adversaries do
not reveal their capabilities.

It's actually kind of bizarre that we've published SHA256 sums in the
archive since 2007 and *still* don't use them here.  I think there is a
greater risk that we forget, or are too lazy, than that we do this 'too soon'.

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org
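As an added illustration of the change being discussed (example code written for this page, not code from the thread, from debootstrap or from any other Debian tool): a small verifier that checks a downloaded file against a Packages-style stanza using only the SHA256 field, refusing stanzas that carry nothing stronger than MD5sum. The field names (Package, Size, MD5sum, SHA256) follow the archive's control-file convention; the payload and stanzas are constructed sample data, and the MD5sum value is a placeholder the verifier never reads.

```python
import hashlib
import hmac

# Digest fields accepted from a Packages/Sources stanza, strongest first.
# MD5sum is deliberately absent: a stanza that carries only MD5sum is
# rejected rather than verified, which is the change the thread proposes.
ACCEPTED_DIGESTS = (("SHA256", "sha256"),)


def parse_stanza(text):
    """Parse one control-file stanza ("Field: value" lines) into a dict."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed control line: %r" % line)
        fields[key.strip()] = value.strip()
    return fields


def verify_payload(stanza_text, payload):
    """Check `payload` against the stanza and return the digest field used.

    Raises ValueError if the size or digest does not match, or if the stanza
    offers no acceptable digest (for example only MD5sum).
    """
    fields = parse_stanza(stanza_text)
    name = fields.get("Package", "<unknown>")

    # Cheap first check; a truncated download never reaches the hash step.
    if "Size" in fields and int(fields["Size"]) != len(payload):
        raise ValueError("%s: size mismatch" % name)

    for field, algo in ACCEPTED_DIGESTS:
        expected = fields.get(field)
        if expected is None:
            continue
        actual = hashlib.new(algo, payload).hexdigest()
        # Constant-time comparison of the hex strings.
        if not hmac.compare_digest(actual, expected.lower()):
            raise ValueError("%s: %s mismatch" % (name, field))
        return field

    raise ValueError(
        "%s: no acceptable digest field (MD5sum alone is not accepted)" % name)


def rejects(stanza_text, payload):
    """True if verify_payload refuses this stanza/payload pair."""
    try:
        verify_payload(stanza_text, payload)
    except ValueError:
        return True
    return False


# Constructed sample data: a fake package body and stanzas built from it.
PAYLOAD = b"constructed .deb body, not a real package\n"
DUMMY_MD5 = "0" * 32  # placeholder; the verifier never reads MD5sum

GOOD_STANZA = (
    "Package: example\n"
    "Version: 1.0-1\n"
    "Size: %d\n"
    "MD5sum: %s\n"
    "SHA256: %s\n"
) % (len(PAYLOAD), DUMMY_MD5, hashlib.sha256(PAYLOAD).hexdigest())

MD5_ONLY_STANZA = (
    "Package: example\n"
    "Version: 1.0-1\n"
    "Size: %d\n"
    "MD5sum: %s\n"
) % (len(PAYLOAD), DUMMY_MD5)

if __name__ == "__main__":
    print("good stanza verified via", verify_payload(GOOD_STANZA, PAYLOAD))
    print("MD5-only stanza rejected:", rejects(MD5_ONLY_STANZA, PAYLOAD))
    print("same-length tamper rejected:", rejects(GOOD_STANZA, PAYLOAD[:-1] + b"X"))
```

Adding SHA1 or MD5sum to ACCEPTED_DIGESTS would make the verifier fall back to a weaker digest whenever SHA256 is absent from a stanza, which is exactly the downgrade path that dropping MD5 support closes off; keeping the tuple to SHA256 alone means an index that omits the field fails loudly instead of silently verifying with MD5.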
