On Tue, 2005-03-15 at 20:03 +0600, Ivan Boldyrev wrote: > Arch uses MD5 internally. But MD5 is not weak hash function, it was > attacked many times, and recently first practical attack was created:
That attack you cite is just at finding two documents that have the same collision, which isn't a very useful attack against an arch archive. If someone finds a second pre-image attack against md5, then arch will be in trouble (but so will just about anything else). > GNU Arch must move away from MD5 ASAP. You're right, arch /does/ need to switch to something more secure eventually, but please don't spread FUD exaggerating the consequences of this most recent finding. -- Matthew Dempsky <[EMAIL PROTECTED]>
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Gnu-arch-users mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnu-arch-users GNU arch home page: http://savannah.gnu.org/projects/gnu-arch/
