FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CRUX > CRUX

 
 
LinkBack Thread Tools
 
Old 01-07-2009, 03:23 AM
Danny Rawlins
 
Default Time to stop using md5sums

Hi as predatorfreak tried to pus sha256 and CRUX devs shrugged it off
and didn't do anything well how much more proof do you need that md5 is
insecure?

MD5 Is Officially Insecure: Hackers Break SSL Certificates, Impersonate CA
http://www.dailytech.com/article.aspx?newsid=13842

Regards,
Danny Rawlins
_______________________________________________
CRUX mailing list
CRUX@lists.crux.nu
http://lists.crux.nu/mailman/listinfo/crux
 
Old 01-07-2009, 06:15 AM
Johannes Winkelmann
 
Default Time to stop using md5sums

Danny,

On Wed, Jan 07, 2009 at 15:23:39 +1100, Danny Rawlins wrote:
> Hi as predatorfreak tried to pus sha256 and CRUX devs shrugged it off
> and didn't do anything [...]
Maybe you want to go read through
http://crux.nu/bugs/index.php?do=details&task_id=223
again before claiming that "CRUX devs shrugged it off". The last message
is predatorfreak saying that he'll "'ll produce a hard-break patch and
submit it here later, as a hard break seems to be the preferred solution
by most people."


> well how much more proof do you need that md5 is
> insecure?
>
> MD5 Is Officially Insecure: Hackers Break SSL Certificates, Impersonate CA
> http://www.dailytech.com/article.aspx?newsid=13842
Have you even read that document?

This document is specific to MD5 in a Public Key Infrastructure
scenario. How does that apply to .md5sum in ports? Please explain.

Johannes
--
Johannes Winkelmann mailto:jw@smts.ch
Zurich, Switzerland http://jw.smts.ch
_______________________________________________
CRUX mailing list
CRUX@lists.crux.nu
http://lists.crux.nu/mailman/listinfo/crux
 
Old 01-07-2009, 06:29 AM
Danny Rawlins
 
Default Time to stop using md5sums

Johannes Winkelmann wrote:
> Danny,
>
> On Wed, Jan 07, 2009 at 15:23:39 +1100, Danny Rawlins wrote:
>
>> Hi as predatorfreak tried to pus sha256 and CRUX devs shrugged it off
>> and didn't do anything [...]
>>
> Maybe you want to go read through
> http://crux.nu/bugs/index.php?do=details&task_id=223
> again before claiming that "CRUX devs shrugged it off". The last message
> is predatorfreak saying that he'll "'ll produce a hard-break patch and
> submit it here later, as a hard break seems to be the preferred solution
> by most people."
>
>
Uh what is a "hard break patch"? A hard coded patch in place of md5sum
than a add on to use sha256 with md5 at the same time?
Or is it to do with breaking the patch up into smaller patches? Or
something else I did search and did not find the answer to that.

If i knew I may fix the patch or whatever it is your waiting on being
done, and it would of been nice if this got done for CRUX-2.5.
>
>> well how much more proof do you need that md5 is
>> insecure?
>>
>> MD5 Is Officially Insecure: Hackers Break SSL Certificates, Impersonate CA
>> http://www.dailytech.com/article.aspx?newsid=13842
>>
> Have you even read that document?
>
> This document is specific to MD5 in a Public Key Infrastructure
> scenario. How does that apply to .md5sum in ports? Please explain.
>
Yes but it shows md5 is insecure, the comment on the bug report shows
the real attack of a "malicious open-source developer" on the bug
comments. http://crux.nu/bugs/index.php?do=details&task_id=223#comments
> Johannes
>
Regards,
Danny Rawlins
_______________________________________________
CRUX mailing list
CRUX@lists.crux.nu
http://lists.crux.nu/mailman/listinfo/crux
 

Thread Tools




All times are GMT. The time now is 12:43 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org