* Henrique de Moraes Holschuh: > On Tue, 12 Jun 2007, Touko Korpela wrote: >> Debian Security Advisories currently contain MD5 checksums. As MD5 is no >> longer strong enough, maybe it should be replaced by SHA1 or SHA256? > > When combined with size information
Size information doesn't buy you that much. > AND the fact that it needs to be a valid .deb archive, they are > probably more than strong enough. That, and the "evil twin" package would have to be prepared by the securty team as well, which isn't a relevant scenario (because they could put a backdoor in the original without attacking the hash). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
