On Sun, Feb 26, 2017 at 04:32:43PM +0000, Steven Chamberlain wrote: > To date, cdebootstrap still only implements MD5 verification of .deb > files, despite its formal deprecation as a digital signature algorithm > by RFC6151 (2011) and recommendations of academic literature years > prior.
I was not able to provide a real fix as I'm rather time constrained. However please provide this information, as I only found something with about 2^120 for preimage attacks on MD5, which is still not fesable in real live. Bastian -- Klingon phaser attack from front!!!!! 100% Damage to life support!!!!
