On Wed, Jun 13, 2007 at 10:37:26AM -0300, Henrique de Moraes Holschuh <[EMAIL PROTECTED]> wrote: > On Wed, 13 Jun 2007, Florian Weimer wrote: > > > On Tue, 12 Jun 2007, Touko Korpela wrote: > > >> Debian Security Advisories currently contain MD5 checksums. As MD5 is no > > >> longer strong enough, maybe it should be replaced by SHA1 or SHA256? > > > > > > When combined with size information > > > > Size information doesn't buy you that much. > > When we are talking about a binary blob that matches the *same* md5sum? Yes, > it does. Causing a MD5 colision with a message of the same size is far more > difficult.
Especially when it has to be a valid .deb file (which means an ar archive of 2 correctly gzipped tar files) Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
