BTW, for those concerned, there's nothing at the ASF that says you
must use only MD5. You can add SHA-1 or any other algorithm if you
want. See Ant for example: they've been doing MD5 and SHA-1 side by
side for years now (http://ant.apache.org/bindownload.cgi)
Yoav
On 12/8/06, Yonik Seeley <[E
On 12/8/06, Chris Hostetter <[EMAIL PROTECTED]> wrote:
: It _is_ a valid concern in general (I would never use md5 as a
: cryptographic hash, e.g., for passwords), but significantly less of a
: concern for this use. The most important role of the hash is to
: ensure no corruption occurred during
: It _is_ a valid concern in general (I would never use md5 as a
: cryptographic hash, e.g., for passwords), but significantly less of a
: concern for this use. The most important role of the hash is to
: ensure no corruption occurred during transfer.
Bingo: We checksum the files with MD5, we s
On 12/8/06, Simon Willnauer <[EMAIL PROTECTED]> wrote:
Oh by the way I do have 2 people in this room being able to find
collisions to md5 within the next 15 minutes. But it is true that this
is quiet hypothetical .
anyway...
Can they also produce a malicious distribution of solr which hashes
i
Oh by the way I do have 2 people in this room being able to find
collisions to md5 within the next 15 minutes. But it is true that this
is quiet hypothetical .
anyway...
yours simon
On 12/8/06, Simon Willnauer <[EMAIL PROTECTED]> wrote:
True, so do it proper if you can.
best regards simon
O
True, so do it proper if you can.
best regards simon
On 12/8/06, WHIRLYCOTT <[EMAIL PROTECTED]> wrote:
This isn't as urgent as you make it out to be. There are just a few
people in the world, mostly Chinese researchers, who have the
capability to do this. I agree that SHA is better, but this
Hello,
I'm wondering why people still use MD5 for digital signatures and / or
checksums.
Recent results on the analysis of MD5 reduce the effort to find
collisions to a few minutes on an old notebook. Thus, collision and
multi-collision attacks on MD5 are feasible and practical.
I would recommend
This isn't as urgent as you make it out to be. There are just a few
people in the world, mostly Chinese researchers, who have the
capability to do this. I agree that SHA is better, but this clearly
isn't the type of thing that should hold up a Solr release!
phil.
On Dec 8, 2006, at 4:37
: The format that Yonik used works (on my macosx system, but also under
: Linux I suspect) with
:
: md5sum -c apache-solr-1.1.0-incubating.tgz.md5
hey look at that ... a "-c" option on md5sum.
The FreeBSD md5 command doesn't seem to have a corrisponding check
command, so making sure "md5sum -c"
On 12/8/06, Chris Hostetter <[EMAIL PROTECTED]> wrote:
...but it got me wondering, what format do we want?...
The format that Yonik used works (on my macosx system, but also under
Linux I suspect) with
md5sum -c apache-solr-1.1.0-incubating.tgz.md5
which is convenient I think.
-Bertrand
I thought adding the hooks to out build.xml to generate the MD5
sums as part of the package command (so we don't have to run it manually)
would be relaly easy ... but discovered that ant outputs only the checksum
to the files -- no input filename, no newline.
aparently, a "format" option has bee
11 matches
Mail list logo
