[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: RPM submission procedure

From: Alan Cox <alan redhat com>
To: fedora-devel-list redhat com
Subject: Re: RPM submission procedure
Date: Thu, 8 Jan 2004 09:02:07 -0500

On Wed, Jan 07, 2004 at 08:41:52PM -0500, seth vidal wrote:
> > (BTW SHA please MD5 has flaws 8)
> What flaws in particular?
> 
> I'm not disagreeing I'm just not aware of them and am also curious why
> rpm --dump sompkgname still lists md5sums of files instead of sha1sum's.

I guess because nobody hash changed systems yet. Its not a pressing problem.
Of the 3 MD hash functions MD4 is broken entirely nowdays. MD2 has some
known limits which are not serious and MD5. Its currently estimated that
it would take someone several days to find an MD5 collision using custom
hardware because MD5 has some cryptoanalytic weaknesses.

SHA-1 (the original SHA-0 was broken) is a somewhat strong algorithm that
also has the advantage that people like the US government like it and
its part of FIPS PUB 180-2.

At the moment I don't believe (but I am not a cryptographer!) that MD5
is a problem, but it is very likely to become so as machines get faster.

Follow-Ups:
- Re: RPM submission procedure
  - From: Florian La Roche

References:
- Re: RPM submission procedure
  - From: Alan Cox
- Re: RPM submission procedure
  - From: Eric S. Raymond
- Re: RPM submission procedure
  - From: Alan Cox
- Re: RPM submission procedure
  - From: Eric S. Raymond
- Re: RPM submission procedure
  - From: Warren Togami
- Re: RPM submission procedure
  - From: Eric S. Raymond
- Re: RPM submission procedure
  - From: Warren Togami
- Re: RPM submission procedure
  - From: Eric S. Raymond
- Re: RPM submission procedure
  - From: Alan Cox
- Re: RPM submission procedure
  - From: seth vidal

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]