On Tue, 2011-06-28 at 16:19 -0400, Johannes B. Ullrich wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> couple links to articles I wrote about some of the issues.
>
> https://isc.sans.edu/diary.html?storyid=11110
Its funny you mention md5 being old and the sha algorithms. I was just
reading the other day about how md5 is not secure at all[1]. Which was
some what shocking given how many distros and projects used md5 hash
value to verify that a file has not been modified.
CERT published information on md5 vulnerabilities back in 2008[2], and
recommends it not be used anymore. But flaws in md5 date back to
1998[1]. Which makes no sense why so many things use and rely on md5
hashes. SHA-1 should have been used instead, but that has since also
been proven vulnerable back in 2005[3]. Leaving only SHA-2 family and
the currently in development SHA-3[4].
Thus the only secure hash at this time is SHA-2 family, till SHA-3 is
finished being developed and released.
1. http://en.wikipedia.org/wiki/MD5
2. http://www.kb.cert.org/vuls/id/836068
3. http://en.wikipedia.org/wiki/SHA-1
4. http://en.wikipedia.org/wiki/SHA-2
--
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com
---------------------------------------------------------------------
Archive http://marc.info/?l=jaxlug-list&r=1&w=2
RSS Feed http://www.mail-archive.com/[email protected]/maillist.xml
Unsubscribe [email protected]
