[pacman-dev] md5sum's aren't used as cryptographic algorithm? (was: $ARCH suffix on packages)
roman.kyrylych at gmail.com
Wed Oct 11 17:06:44 EDT 2006
From the sibling thread:
> Why don't use both md5 and sha1 ? I don't mean md5 OR sha1, but md5 AND
> sha1. _I_think_ it's virtually impossible to fuck two different hash
This won't make the system more secure.
Because if somebody has the resources to find a collision in SHA1 then
I'm sure he/she/they can do the same with MD5.
And if they cannot do this for SHA1 then MD5 doesn't matter.
Only using SHA-512 or public key cryptography really solves security
problems with both MD5 and SHA1.
Roman Kyrylych (Роман Кирилич)
More information about the pacman-dev