Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-dev@g.o
From: Vlastimil Babka <caster@g.o>
Subject: Re: Notification about MD5 support
Date: Thu, 21 Sep 2006 16:49:56 +0200
Mike Frysinger wrote:
> ok, but it just seems silly to go cutting MD5 but leaving SHA1 ... if we're 
> going to be leaving an insecure format, we might as well keep the one that is 
> a virtual standard in and of itself (MD5)
> -mike

GLEP 44 says:
<snip>
For compability though we have to rely on at least one hash function to 
always be present, this proposal suggest to use SHA1 for this purpose 
(as it is supposed to be more secure than MD5 and currently only SHA1 
and MD5 are directly available in python, also MD5 doesn't have any 
benefit in terms of compability).
</snip>

Although the "more secure than MD5" part is now questionable, I suppose 
the "directly available in python" part still holds? One point of the 
GLEP is to make tree smaller, so why keep more insecure formats when the 
room they would occupy can be used for more secure formats like 
sha256/512, although those can't be deemed the mandatory ones because 
they're not directly in python.
So if both MD5 and SHA1 are now insecure but one of them needs to be the 
mandatory one, the question is, is it still harder to crack SHA1 than 
MD5? If yes, then just forget MD5.

-- 
Vlastimil Babka (Caster)
Gentoo/Java
-- 
gentoo-dev@g.o mailing list


Replies:
Re: Notification about MD5 support
-- Hanno Böck
Re: Notification about MD5 support
-- Mike Frysinger
References:
Notification about MD5 support
-- Marius Mauch
Re: Notification about MD5 support
-- Mike Frysinger
Re: Notification about MD5 support
-- Brian Harring
Re: Notification about MD5 support
-- Mike Frysinger
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Notification about MD5 support
Next by thread:
Re: Notification about MD5 support
Previous by date:
Re: RFC about another *DEPEND variable
Next by date:
Re: RFC about another *DEPEND variable


Updated Jun 17, 2009

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.