This isn't as urgent as you make it out to be. There are just a few
people in the world, mostly Chinese researchers, who have the
capability to do this. I agree that SHA is better, but this clearly
isn't the type of thing that should hold up a Solr release!
phil.
On Dec 8, 2006, at 4:37 PM, Simon Willnauer wrote:
Hello,
I'm wondering why people still use MD5 for digital signatures and / or
checksums.
Recent results on the analysis of MD5 reduce the effort to find
collisions to a few minutes on an old notebook. Thus, collision and
multi-collision attacks on MD5 are feasible and practical.
I would recommend to migrate directly from MD5 to SHA-2 and add SHA-2
hashes to existing MD5 lists if possible. Wherever MD5 is still used
to detect the manipulation of
data or software, it must be replaced as soon as possible!
just my 2 cent.
best regards simon
On 12/8/06, Bertrand Delacretaz <[EMAIL PROTECTED]> wrote:
On 12/8/06, Chris Hostetter <[EMAIL PROTECTED]> wrote:
> ...but it got me wondering, what format do we want?...
The format that Yonik used works (on my macosx system, but also under
Linux I suspect) with
md5sum -c apache-solr-1.1.0-incubating.tgz.md5
which is convenient I think.
-Bertrand
--
Whirlycott
Philip Jacob
[EMAIL PROTECTED]
http://www.whirlycott.com/phil/