Mike Hommey wrote:
On Wed, Jun 13, 2007 at 10:37:26AM -0300, Henrique de Moraes Holschuh <[EMAIL PROTECTED]> wrote:
On Wed, 13 Jun 2007, Florian Weimer wrote:
On Tue, 12 Jun 2007, Touko Korpela wrote:
Debian Security Advisories currently contain MD5 checksums. As MD5 is no longer strong enough, maybe it should be replaced by SHA1 or SHA256?
When combined with size information
Size information doesn't buy you that much.
When we are talking about a binary blob that matches the *same* md5sum? Yes,
it does.  Causing an MD5 collision with a message of the same size is far more
difficult.

Especially when it has to be a valid .deb file (which means an ar archive of
2 correctly gzipped tar files)

But did somebody check if dpkg handles it correctly (error) if there
is extra data after a gz or at the end of a dpkg?

ciao
        cate
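
The two places named in the question above (bytes after a gzip stream, bytes after the last ar member) can be checked on a package file without relying on dpkg. The Python below is an added example, not part of the original message and not dpkg's code; the function names are hypothetical and the sample archive is constructed in memory, with a `debian-binary` member followed by two gzip members.

```python
import gzip
import zlib

AR_MAGIC = b"!<arch>\n"

def ar_member(name, data):
    """Build one ar member: 60-byte header, data, pad to even length."""
    hdr = b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name, 0, 0, 0, b"100644", len(data))
    return hdr + data + (b"\n" if len(data) % 2 else b"")

def gzip_trailing(blob):
    """Count bytes left over after the first complete gzip stream."""
    d = zlib.decompressobj(wbits=31)  # 31: expect gzip header and trailer
    d.decompress(blob)
    if not d.eof:
        raise ValueError("truncated gzip stream")
    return len(d.unused_data)

def check_deb(blob):
    """Walk the ar container; report bytes that belong to no member or stream."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    findings, pos = [], len(AR_MAGIC)
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            break  # not a member header: counted as trailing data below
        name = hdr[:16].decode("ascii").rstrip(" /")
        size = int(hdr[48:58].decode("ascii"))
        data = blob[pos + 60:pos + 60 + size]
        if len(data) < size:
            raise ValueError(f"{name}: truncated member")
        if name.endswith(".gz") and (extra := gzip_trailing(data)):
            findings.append(f"{name}: {extra} bytes after gzip stream")
        pos += 60 + size + size % 2
    if pos < len(blob):
        findings.append(f"{len(blob) - pos} bytes after last ar member")
    return findings

def sample_deb(gz_extra=b"", ar_extra=b""):
    """Constructed sample: .deb-shaped archive (payloads are not real tars)."""
    ctrl = gzip.compress(b"control") + gz_extra
    return (AR_MAGIC + ar_member(b"debian-binary", b"2.0\n")
            + ar_member(b"control.tar.gz", ctrl)
            + ar_member(b"data.tar.gz", gzip.compress(b"data")) + ar_extra)

if __name__ == "__main__":
    for blob in (sample_deb(), sample_deb(gz_extra=b"XXXX"), sample_deb(ar_extra=b"PAD")):
        print(check_deb(blob))
```

An empty list means every byte of the file is accounted for by an ar header, member data, padding, or a complete gzip stream.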

