On Wed, 16 Mar 2005, Andrew Suffield wrote: > On Wed, Mar 16, 2005 at 10:02:35AM +0100, Karel Gardas wrote: > > On Wed, 16 Mar 2005, Andrew Suffield wrote: > > > > > On Wed, Mar 16, 2005 at 12:26:30PM +0600, Ivan Boldyrev wrote: > > > > > If someone finds a second pre-image attack against md5, then arch > > > > > will be in trouble (but so will just about anything else). > > > > > > > > MD5 is considered insecure for many years. Arch is already in trouble > > > > because Arch developers do not understand security. > > > > > > > > I am not security expert too, but designing security attack against > > > > Arch took less time than writing this message. > > > > > > This is pure nonsense. Go away and read /Beyond Fear/, and maybe > > > /Secrets & Lies/ as well. And CRYPTO-GRAM too, while you're at > > > it. I've seen journalists with better comprehension of security. > > > > I don't fully agree with Ivan's notes, but this does not change anything > > about the danger of using MD5, or does it? > > There's no real danger to using MD5. It's not like there's anything > else you could be doing that would be any stronger.
Perhaps just use more stronger hash function implementation? Karel -- Karel Gardas [EMAIL PROTECTED] ObjectSecurity Ltd. http://www.objectsecurity.com _______________________________________________ Gnu-arch-users mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnu-arch-users GNU arch home page: http://savannah.gnu.org/projects/gnu-arch/
