True, so do it proper if you can.
best regards simon On 12/8/06, WHIRLYCOTT <[EMAIL PROTECTED]> wrote:
This isn't as urgent as you make it out to be. There are just a few people in the world, mostly Chinese researchers, who have the capability to do this. I agree that SHA is better, but this clearly isn't the type of thing that should hold up a Solr release! phil. On Dec 8, 2006, at 4:37 PM, Simon Willnauer wrote: > Hello, > I'm wondering why people still use MD5 for digital signatures and / or > checksums. > Recent results on the analysis of MD5 reduce the effort to find > collisions to a few minutes on an old notebook. Thus, collision and > multi-collision attacks on MD5 are feasible and practical. > I would recommend to migrate directly from MD5 to SHA-2 and add SHA-2 > hashes to existing MD5 lists if possible. Wherever MD5 is still used > to detect the manipulation of > data or software, it must be replaced as soon as possible! > > just my 2 cent. > > best regards simon > > On 12/8/06, Bertrand Delacretaz <[EMAIL PROTECTED]> wrote: >> On 12/8/06, Chris Hostetter <[EMAIL PROTECTED]> wrote: >> >> > ...but it got me wondering, what format do we want?... >> >> The format that Yonik used works (on my macosx system, but also under >> Linux I suspect) with >> >> md5sum -c apache-solr-1.1.0-incubating.tgz.md5 >> >> which is convenient I think. >> >> -Bertrand >> -- Whirlycott Philip Jacob [EMAIL PROTECTED] http://www.whirlycott.com/phil/