On 12/8/06, Simon Willnauer <[EMAIL PROTECTED]> wrote:
Oh by the way I do have 2 people in this room being able to find
collisions to md5 within the next 15 minutes. But it is true that this
is quiet hypothetical .
anyway...
Can they also produce a malicious distribution of solr which hashes
identically? <g>.
It _is_ a valid concern in general (I would never use md5 as a
cryptographic hash, e.g., for passwords), but significantly less of a
concern for this use. The most important role of the hash is to
ensure no corruption occurred during transfer.
cheers,
-Mike
