On 12/8/06, Chris Hostetter [EMAIL PROTECTED] wrote:
...but it got me wondering, what format do we want?...
The format that Yonik used works (on my macosx system, but also under
Linux I suspect) with
md5sum -c apache-solr-1.1.0-incubating.tgz.md5
which is convenient I think.
-Bertrand
: The format that Yonik used works (on my macosx system, but also under
: Linux I suspect) with
:
: md5sum -c apache-solr-1.1.0-incubating.tgz.md5
hey look at that ... a -c option on md5sum.
The FreeBSD md5 command doesn't seem to have a corrisponding check
command, so making sure md5sum -c
This isn't as urgent as you make it out to be. There are just a few
people in the world, mostly Chinese researchers, who have the
capability to do this. I agree that SHA is better, but this clearly
isn't the type of thing that should hold up a Solr release!
phil.
On Dec 8, 2006, at 4:37
Hello,
I'm wondering why people still use MD5 for digital signatures and / or
checksums.
Recent results on the analysis of MD5 reduce the effort to find
collisions to a few minutes on an old notebook. Thus, collision and
multi-collision attacks on MD5 are feasible and practical.
I would recommend
True, so do it proper if you can.
best regards simon
On 12/8/06, WHIRLYCOTT [EMAIL PROTECTED] wrote:
This isn't as urgent as you make it out to be. There are just a few
people in the world, mostly Chinese researchers, who have the
capability to do this. I agree that SHA is better, but this
Oh by the way I do have 2 people in this room being able to find
collisions to md5 within the next 15 minutes. But it is true that this
is quiet hypothetical .
anyway...
yours simon
On 12/8/06, Simon Willnauer [EMAIL PROTECTED] wrote:
True, so do it proper if you can.
best regards simon
On
On 12/8/06, Simon Willnauer [EMAIL PROTECTED] wrote:
Oh by the way I do have 2 people in this room being able to find
collisions to md5 within the next 15 minutes. But it is true that this
is quiet hypothetical .
anyway...
Can they also produce a malicious distribution of solr which hashes
: It _is_ a valid concern in general (I would never use md5 as a
: cryptographic hash, e.g., for passwords), but significantly less of a
: concern for this use. The most important role of the hash is to
: ensure no corruption occurred during transfer.
Bingo: We checksum the files with MD5, we
On 12/8/06, Chris Hostetter [EMAIL PROTECTED] wrote:
: It _is_ a valid concern in general (I would never use md5 as a
: cryptographic hash, e.g., for passwords), but significantly less of a
: concern for this use. The most important role of the hash is to
: ensure no corruption occurred during
