On 22:58 Wed 11 Oct, Alessio 'mOLOk' Bolognino wrote:
On 23:48 Wed 11 Oct, Roman Kyrylych wrote:
2006/10/11, VMiklos <vmiklos@frugalware.org>:
Then why do Frugalware guys use it instead of md5 now? What advantages does it give them? I'm just curious.
with md5sum, it's almost trivial to make collisions. mirrors can change packages without having the md5sum changed. with sha1, this is much more difficult
and of course we know that sha1 is not a cryptographical algorithm, either. i plan to come up with an "optional support for gpg signatures" patch, just it's far from complete at the moment
That's what I was thinking about. I know that there were more than enough articles about collisions in the MD5 algorithm recently. And I don't think that using a more secure hashing algorithm is paranoid. IMHO SHA-512 (which is _not_the_same_ as SHA1) will be the right choice. GPG is much more complex to implement.
But I see another thread about this has been started, so let's move there.
-- Roman Kyrylych (Роман Кирилич)
Why not use both md5 and sha1? I don't mean md5 OR sha1, but md5 AND sha1. _I_think_ it's virtually impossible to fuck two different hash algorithms.
P.s. I'm just an arch user :)
Ok, somebody else already said that, I didn't read the whole ml archive.
-- Alessio 'mOLOk' Bolognino