"Steinar H. Gunderson" <[EMAIL PROTECTED]> writes:
> On Sat, Nov 26, 2005 at 09:13:02AM +1000, Anthony Towns wrote:
>>> Moving away from MD5 is certainly not a bad idea, but it's not clear
>>> whether the alternatives are any better. Sure, everyone recommends
>>> SHA-256 at this stage, but nobody can give a rationale.
>> MD5 is broken; SHA-1 is where MD5 was a couple of years ago, SHA256 (or
>> higher) are significantly harder to break in practice, and there's
>> nothing better yet.
>
> Just a comment here for those who are not used to hash functions: "Broken"
> here means that you can generate collisions faster than using the birthday
> attack (2^64 for MD5, 2^80 for SHA-1). It does not have to mean that you
> can do _really_ evil stuff, like generate a second file with the same MD5
> hash as a given file (so-called "second preimage", IIRC), and to the best of
> my knowledge, nobody has done so yet.
According to Slashdot articles you can generate human-readable files (like the Packages file) with an md5sum collision in ~45 minutes on a modern CPU now. I think that counts as broken. Luckily for us we also have the size of the file.

MfG
        Goswin
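The distinction Steinar draws (a collision found faster than the birthday bound versus a second preimage of a given file) is easy to see on a truncated digest, where both searches finish in seconds. The following is an example added to this thread, not code posted by anyone on the list: a generic birthday search and a brute-force second-preimage search over the first `bits` bits of MD5, with a constructed message family (fixed prefix plus an 8-byte counter). It needs no weakness in MD5 at all; it only shows that collisions cost about 2^(bits/2) hash evaluations while a second preimage costs about 2^bits, which is why "broken" for collisions and "broken" for second preimages are very different claims. One caveat on Goswin's last point: the two messages a birthday search produces here are the same length by construction, and the published MD5 collision pairs are likewise equal-length, so checking the file size rules out a padded or extended second file but does not by itself detect a collision pair.

```python
"""Birthday bound vs. second preimage on a truncated MD5.

Added example, not code from the thread. The digest is truncated so the
searches finish quickly; the scaling argument is the same for the full
128-bit MD5 (about 2^64 birthday work vs. 2^128 second-preimage work).
Seeds and the message layout are constructed for this example.
"""
import hashlib
import math


def truncated_md5(data: bytes, bits: int) -> int:
    """First `bits` bits of MD5(data) as an integer (1 <= bits <= 128)."""
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def _message(seed: bytes, counter: int) -> bytes:
    """Constructed message family: fixed prefix plus an 8-byte counter.
    Every candidate therefore has exactly the same length."""
    return seed + counter.to_bytes(8, "big")


def birthday_collision(bits: int, seed: bytes = b"constructed:") -> tuple[bytes, bytes, int]:
    """Generic birthday search: hash distinct messages until two share a
    truncated digest. Expected cost is about sqrt(pi/2) * 2^(bits/2)
    hash evaluations. Returns (msg_a, msg_b, hashes_computed)."""
    seen: dict[int, bytes] = {}
    counter = 0
    while True:
        msg = _message(seed, counter)
        counter += 1
        h = truncated_md5(msg, bits)
        if h in seen:
            # seen[h] came from a different counter, so it is a different message
            return seen[h], msg, counter
        seen[h] = msg


def second_preimage(target: bytes, bits: int, seed: bytes = b"other-prefix:") -> tuple[bytes, int]:
    """Brute-force second preimage: a *different* message whose truncated
    digest equals that of `target`. Expected cost is about 2^bits hash
    evaluations, the square of the birthday cost for the same width.
    Returns (msg, hashes_computed)."""
    want = truncated_md5(target, bits)
    counter = 0
    while True:
        msg = _message(seed, counter)
        counter += 1
        if msg != target and truncated_md5(msg, bits) == want:
            return msg, counter


def expected_birthday_work(bits: int) -> float:
    """Expected number of hashes before the first collision on a
    `bits`-bit digest: sqrt(pi/2) * 2^(bits/2)."""
    return math.sqrt(math.pi / 2) * 2 ** (bits / 2)


if __name__ == "__main__":
    BITS = 20
    a, b, n = birthday_collision(BITS)
    print(f"collision on {BITS}-bit MD5 after {n} hashes "
          f"(expected ~{expected_birthday_work(BITS):.0f}); "
          f"same length: {len(a) == len(b)}")
    m, k = second_preimage(a, BITS)
    print(f"second preimage of the first message after {k} hashes "
          f"(expected ~{2 ** BITS})")
```

Raising `BITS` by two roughly doubles the birthday search and quadruples the second-preimage search, which is the whole point: the full-width figures Steinar quotes (2^64 for MD5, 2^80 for SHA-1) are the birthday cost, and an attack is called a break only when it beats that.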