True, so do it proper if you can.
best regards simon
On 12/8/06, WHIRLYCOTT <[EMAIL PROTECTED]> wrote:
This isn't as urgent as you make it out to be. There are just a few
people in the world, mostly Chinese researchers, who have the
capability to do this. I agree that SHA is better, but this clearly
isn't the type of thing that should hold up a Solr release!
phil.
On Dec 8, 2006, at 4:37 PM, Simon Willnauer wrote:
> Hello,
> I'm wondering why people still use MD5 for digital signatures and / or
> checksums.
> Recent results on the analysis of MD5 reduce the effort to find
> collisions to a few minutes on an old notebook. Thus, collision and
> multi-collision attacks on MD5 are feasible and practical.
> I would recommend to migrate directly from MD5 to SHA-2 and add SHA-2
> hashes to existing MD5 lists if possible. Wherever MD5 is still used
> to detect the manipulation of
> data or software, it must be replaced as soon as possible!
>
> just my 2 cent.
>
> best regards simon
>
> On 12/8/06, Bertrand Delacretaz <[EMAIL PROTECTED]> wrote:
>> On 12/8/06, Chris Hostetter <[EMAIL PROTECTED]> wrote:
>>
>> > ...but it got me wondering, what format do we want?...
>>
>> The format that Yonik used works (on my macosx system, but also under
>> Linux I suspect) with
>>
>> md5sum -c apache-solr-1.1.0-incubating.tgz.md5
>>
>> which is convenient I think.
>>
>> -Bertrand
>>
--
Whirlycott
Philip Jacob
[EMAIL PROTECTED]
http://www.whirlycott.com/phil/
