[pacman-dev] md5sum's aren't used as cryptographic algorithm? (was: $ARCH suffix on packages)

Roman Kyrylych roman.kyrylych at gmail.com
Wed Oct 11 17:06:44 EDT 2006


From the sibling thread:
> Why not use both md5 and sha1? I don't mean md5 OR sha1, but md5 AND
> sha1. _I_think_ it's virtually impossible to fuck two different hash
> algorithms.

This won't make the system more secure, because if somebody has the
resources to find a collision in SHA1, then I'm sure he/she/they can do
the same with MD5.
And if they cannot do this for SHA1, then MD5 doesn't matter.

Only using SHA-512 or public key cryptography really solves security
problems with both MD5 and SHA1.

-- 
Roman Kyrylych (Роман Кирилич)

