Time to stop using md5sums
Johannes Winkelmann wrote:
> Danny,
>
> On Wed, Jan 07, 2009 at 15:23:39 +1100, Danny Rawlins wrote:
>
>> Hi as predatorfreak tried to pus sha256 and CRUX devs shrugged it off
>> and didn't do anything [...]
>>
> Maybe you want to go read through
> http://crux.nu/bugs/index.php?do=details&task_id=223
> again before claiming that "CRUX devs shrugged it off". The last message
> is predatorfreak saying that he'll "'ll produce a hard-break patch and
> submit it here later, as a hard break seems to be the preferred solution
> by most people."
>
>
Uh what is a "hard break patch"? A hard coded patch in place of md5sum
than a add on to use sha256 with md5 at the same time?
Or is it to do with breaking the patch up into smaller patches? Or
something else I did search and did not find the answer to that.
If i knew I may fix the patch or whatever it is your waiting on being
done, and it would of been nice if this got done for CRUX-2.5.
>
>> well how much more proof do you need that md5 is
>> insecure?
>>
>> MD5 Is Officially Insecure: Hackers Break SSL Certificates, Impersonate CA
>> http://www.dailytech.com/article.aspx?newsid=13842
>>
> Have you even read that document?
>
> This document is specific to MD5 in a Public Key Infrastructure
> scenario. How does that apply to .md5sum in ports? Please explain.
>
Yes but it shows md5 is insecure, the comment on the bug report shows
the real attack of a "malicious open-source developer" on the bug
comments. http://crux.nu/bugs/index.php?do=details&task_id=223#comments
> Johannes
>
Regards,
Danny Rawlins
_______________________________________________
CRUX mailing list
CRUX@lists.crux.nu
http://lists.crux.nu/mailman/listinfo/crux
|
