FAQ

On Monday 12 December 2011, Johnny Hughes wrote:

There are known Collision Attacks for the MD5SUM method of hashing,
so it is possible to modify a file and make it have the same MD5SUM
as another file. See this link for details on Collision Attacks:

http://en.wikipedia.org/wiki/Collision_attack

Recommendation from the US-CERT concerning MD5SUM hashes:

http://www.kb.cert.org/vuls/id/836068

Based on the above information, the CentOS team will be using
sha256sum (sha-2) and not md5sum to generate future hashes for
posting on our e-mail announcements to the CentOS Announce Mailing
List.
MD5 is certainly broken, but would it be sufficient to go to sha1sum?
According to my quick testing, sha256sum takes twice as long as sha1sum.

--
Yves Bellefeuille <yan at storm.ca>
"La Esperanta Civito ne rifuzas anticipe la kunlaboron de erarintoj, se
ili konscias pri sia eraro." -- Heroldo Komunikas, n-ro 473.

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcentos @
categoriescentos
postedDec 13, '11 at 10:46p
activeDec 13, '11 at 10:46p
posts1
users1
websitecentos.org
irc#centos

1 user in discussion

Yves Bellefeuille: 1 post

People

Translate

site design / logo © 2022 Grokbase