Subject: Re: Checksum for packages
To: None <tech-pkg@netbsd.org>
From: Dominik Rothert <dr@astorit.com>
List: tech-pkg
Date: 12/20/2000 22:27:39

David Maxwell <david@fundy.ca> wrote:

> On Wed, Dec 20, 2000 at 01:14:13PM +0100, Dominik Rothert wrote:
> > Why are we still using MD5? 
> Generating collisions is 'tough', having them be a valid file, is
> 'hard', and doing that on demand for a file server you have compromised
> is 'unlikely'.

I agree with you; we are talking about a really rare situation, but it
is possible to get in, so we should think about it.

> It seems reasonable that we start creating checksum files with md5 AND
> SHA-1 hashes,

Yes, due to compatibility this is a good idea for the first time.

Regards,
Dominik

-- 
/*  Dominik Rothert         |           dr@astorit.com  *
 *  A S T O R I T           |  http://www.astorit.com/  *
 *  Hohenzollernring 52     |       fon +49-221-251440  *
 *  50672 Cologne, Germany  |       fax +49-221-251443  */:wq!
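
The dual-digest transition discussed in this thread, as an added example that is not part of the original message or of the pkgsrc code: a verifier that accepts MD5-only entries for compatibility but checks every digest that is listed, and can be told to require SHA-1. It assumes BSD `md5(1)`-style digest lines (`MD5 (file) = hex`); the names `parse_checksums` and `verify`, the file names and the file contents are constructed for illustration.

```python
import hashlib
import re

ALGOS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1}
# Assumed line format: "MD5 (name) = hexdigest" / "SHA1 (name) = hexdigest"
LINE_RE = re.compile(r"^(MD5|SHA1) \(([^)]+)\) = ([0-9a-f]+)$")

def parse_checksums(text):
    """Return {filename: {algo: hexdigest}}; conflicting duplicates are an error."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("$"):  # blank line or RCS id line
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable checksum line: {line!r}")
        algo, name, digest = m.groups()
        per_file = entries.setdefault(name, {})
        if per_file.get(algo, digest) != digest:
            raise ValueError(f"conflicting {algo} entries for {name}")
        per_file[algo] = digest
    return entries

def verify(name, data, entries, required=("MD5",)):
    """Check data against every digest listed for name.

    Every listed digest must match, and each algorithm in `required`
    must be present. Returns the sorted list of algorithms checked.
    """
    listed = entries.get(name)
    if not listed:
        raise ValueError(f"no checksum recorded for {name}")
    missing = [a for a in required if a not in listed]
    if missing:
        raise ValueError(f"{name}: missing required digest(s) {missing}")
    for algo, expected in listed.items():
        if ALGOS[algo](data).hexdigest() != expected:
            raise ValueError(f"{name}: {algo} mismatch")
    return sorted(listed)

# Constructed sample: an old MD5-only entry and a new dual-digest entry.
OLD_DATA, NEW_DATA = b"old distfile contents\n", b"new distfile contents\n"
SAMPLE = "\n".join([
    f"MD5 (old-1.0.tar.gz) = {hashlib.md5(OLD_DATA).hexdigest()}",
    f"MD5 (new-2.0.tar.gz) = {hashlib.md5(NEW_DATA).hexdigest()}",
    f"SHA1 (new-2.0.tar.gz) = {hashlib.sha1(NEW_DATA).hexdigest()}",
])
```

Passing `required=("MD5", "SHA1")` is the strict policy for after the transition: an entry that still carries only MD5 is then rejected instead of silently accepted.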