various
Gregory Maxwell
gmaxwell at gmail.com
Fri Mar 18 21:58:32 UTC 2005
On Fri, 18 Mar 2005 14:46:03 -0700, Michal Jaegermann
<michal at harddata.com> wrote:
> On Fri, Mar 18, 2005 at 02:55:44PM -0500, Ignacio Vazquez-Abrams wrote:
> >
> > FC4t1 uses sha1sum for some reason, not md5sum.
>
> Possibly because there was recently a successful crypographic attack
> against SHA-1. :-) See
> http://www.schneier.com/crypto-gram-0503.html
> http://theory.csail.mit.edu/~yiqun/shanote.pdf
>
> Don't worry. It does not look like that this will be a practical
> threat for signatures on distribution images, or many other things,
> for quite a while yet.
or rather, because of the successful cryptographic attack on md5 which
appears to be approaching fast enough to be dangerous (see recent
traffic on sci.crypt).
The *current* SHA1 weaknesses still leave it stronger than unbroken md5.
More information about the fedora-test-list
mailing list