Oh by the way I do have 2 people in this room being able to find collisions to md5 within the next 15 minutes. But it is true that this is quiet hypothetical .
anyway... yours simon On 12/8/06, Simon Willnauer <[EMAIL PROTECTED]> wrote:
True, so do it proper if you can. best regards simon On 12/8/06, WHIRLYCOTT <[EMAIL PROTECTED]> wrote: > This isn't as urgent as you make it out to be. There are just a few > people in the world, mostly Chinese researchers, who have the > capability to do this. I agree that SHA is better, but this clearly > isn't the type of thing that should hold up a Solr release! > > phil. > > On Dec 8, 2006, at 4:37 PM, Simon Willnauer wrote: > > > Hello, > > I'm wondering why people still use MD5 for digital signatures and / or > > checksums. > > Recent results on the analysis of MD5 reduce the effort to find > > collisions to a few minutes on an old notebook. Thus, collision and > > multi-collision attacks on MD5 are feasible and practical. > > I would recommend to migrate directly from MD5 to SHA-2 and add SHA-2 > > hashes to existing MD5 lists if possible. Wherever MD5 is still used > > to detect the manipulation of > > data or software, it must be replaced as soon as possible! > > > > just my 2 cent. > > > > best regards simon > > > > On 12/8/06, Bertrand Delacretaz <[EMAIL PROTECTED]> wrote: > >> On 12/8/06, Chris Hostetter <[EMAIL PROTECTED]> wrote: > >> > >> > ...but it got me wondering, what format do we want?... > >> > >> The format that Yonik used works (on my macosx system, but also under > >> Linux I suspect) with > >> > >> md5sum -c apache-solr-1.1.0-incubating.tgz.md5 > >> > >> which is convenient I think. > >> > >> -Bertrand > >> > > > -- > Whirlycott > Philip Jacob > [EMAIL PROTECTED] > http://www.whirlycott.com/phil/ > > >
