On Mon, 23 Jun 1997, Thomas Koenig wrote:

> I think we should start moving away from MD5 as our main hash function.
> MD5 has known weaknesses so that an attacker can quite possibly create
> two files, differing maybe in a single bit or in quite a few bytes, but
> having the same MD5 checksum.

As far as I know, Debian uses MD5 sums to avoid "random" alteration of files, not as a security measure against crackers, but I may be wrong.

BTW: Just out of curiosity: I would be delighted to see two different files having the same md5sum. Do you have a simple example?
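The distinction drawn in the message above, between catching "random" alteration and resisting someone who chooses the inputs, shown as an added example that is not part of the original message. It truncates MD5 to 24 bits (an assumption, so the search finishes in moments), uses constructed inputs, and does not produce a full MD5 collision.

```python
import hashlib

# Assumption: only the first 24 bits of the digest are compared, so that the
# search below finishes quickly. This is a weakened stand-in, not full MD5.
PREFIX_BYTES = 3


def short_md5(data: bytes) -> bytes:
    """MD5 digest truncated to PREFIX_BYTES."""
    return hashlib.md5(data).digest()[:PREFIX_BYTES]


def accidental_change_detected(data: bytes, bit: int) -> bool:
    """Flip one bit, as random corruption would, and report whether the checksum changes."""
    damaged = bytearray(data)
    damaged[bit // 8] ^= 1 << (bit % 8)
    return short_md5(bytes(damaged)) != short_md5(data)


def find_prefix_collision(limit: int = 1_000_000):
    """Birthday search: hash many chosen inputs until two share a truncated digest."""
    seen = {}
    for i in range(limit):
        msg = b"constructed-input-%d" % i  # constructed sample inputs
        tag = short_md5(msg)
        if tag in seen:
            return seen[tag], msg, tag
        seen[tag] = msg
    return None


if __name__ == "__main__":
    sample = b"constructed package contents\n" * 4
    bits = len(sample) * 8
    caught = sum(accidental_change_detected(sample, b) for b in range(bits))
    print(f"single-bit flips detected: {caught}/{bits}")

    a, b, tag = find_prefix_collision()
    print(f"chosen inputs {a!r} and {b!r} share the prefix {tag.hex()}")
```

A checksum that reliably flags accidental bit flips can still be matched by a party free to try many inputs, which is why integrity against corruption and integrity against tampering are separate requirements.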