Linux - General (LinuxQuestions.org forum)
This Linux forum is for general Linux questions and discussion.
I'm kind of late to this discussion, but isn't the case for abandoning MD5 a bit premature? From the links I found on this thread and from google, it looks like there are 1) online MD5 hash databases which would only be useful for password cracking and 2) some specific perversion of pdf files to attach the wrong signature. That's hard to reconcile with the assertion that MD5 isn't useful for ensuring file transfer. Or have I missed the point?
Well, sure these hashes are useful for file transfers, but to put a file on a server and use only the md5sum or sha1sum to verify its integrity and safety is not recommended.
In 2005, researchers were able to create pairs of PostScript documents[14] and X.509 certificates[15] with the same hash. Later that year, MD5's designer Ron Rivest wrote, "md5 and sha1 are both clearly broken (in terms of collision-resistance),"[16] and RSA Laboratories wrote that "[n]ext-generation products will need to move to new algorithms."[17]
As mentioned before, for MD5 it's trivial to have collisions.
For SHA1 the collision attack is quite infeasible. From the sources that you have sent, anyone can clearly determine that it's not so feasible for the moment.
Cameron McDonald, Philip Hawkes and Josef Pieprzyk presented a hash collision attack with claimed complexity 2^52 at the Rump session of Eurocrypt 2009.[30] However, the accompanying paper, "Differential Path for SHA-1 with complexity O(2^{52})" has been withdrawn due to the authors' discovery that their estimate was incorrect.
...for actual coverage of the break. "They can find collisions in SHA-1 in 2**69 calculations, about 2,000 times faster than brute force. Right now, that is just on the far edge of feasibility with current technology. Two comparable massive computations illustrate that point." That's down from 2**80, so it's a concern, but not exactly the end of the world.
Still I haven't seen any practical working implementation of computing collision hashes for SHA1.
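The following is an added example, not code from anyone in this thread. It verifies files against a coreutils-style checksum file (the `<hex>  <name>` / `<hex> *<name>` lines that `md5sum`, `sha1sum` and `sha256sum` emit and `-c` consumes) and then walks through the point made above about putting a file and its checksum on the same server: a hash catches corruption or tampering in transit, but anyone who can replace the file on the server can also regenerate the checksum, so the hash alone says nothing about the file's safety. The sample file, its contents and the tampering step are constructed here for the demonstration.

```python
"""Verify files against an md5sum/sha1sum/sha256sum-style checksum file (added example)."""
import hashlib
import hmac
import os
import tempfile

# Constructors for the algorithms a checksum file in this thread might use.
ALGORITHMS = {"md5": hashlib.md5, "sha1": hashlib.sha1, "sha256": hashlib.sha256}


def hash_file(path, algo, chunk_size=1 << 16):
    """Stream a file through the chosen hash and return its lowercase hex digest."""
    h = ALGORITHMS[algo]()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_file(text):
    """Parse coreutils checksum lines: '<hex>  <name>' (text) or '<hex> *<name>' (binary)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" ")
        if name.startswith("*"):  # '*' marks binary mode in coreutils output
            name = name[1:]
        if not digest or not name:
            raise ValueError(f"malformed checksum line: {raw!r}")
        entries.append((digest.lower(), name))
    return entries


def verify(checksum_text, algo, base_dir):
    """Return {name: 'OK' | 'FAILED' | 'MISSING'} for every entry in the checksum file."""
    expected_len = ALGORITHMS[algo]().digest_size * 2
    results = {}
    for digest, name in parse_checksum_file(checksum_text):
        if len(digest) != expected_len:
            raise ValueError(f"{name}: digest length {len(digest)} does not match {algo}")
        path = os.path.join(base_dir, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        actual = hash_file(path, algo)
        # Constant-time comparison; not strictly needed for public digests, but cheap.
        results[name] = "OK" if hmac.compare_digest(actual, digest) else "FAILED"
    return results


def demo():
    """Constructed scenario: publish a file and its sha256, corrupt it, then forge the checksum."""
    with tempfile.TemporaryDirectory() as d:
        release = os.path.join(d, "release.tar.gz")
        with open(release, "wb") as f:
            f.write(b"pretend this is a tarball\n")  # constructed sample content
        published = (
            f"{hash_file(release, 'sha256')}  release.tar.gz\n"
            f"{'0' * 64}  missing.txt\n"  # listed but never shipped
        )
        before = verify(published, "sha256", d)

        with open(release, "ab") as f:
            f.write(b"\x00evil")  # simulate corruption or tampering after publication
        after = verify(published, "sha256", d)

        # An attacker who controls the server simply republishes the checksum of the
        # modified file; a hash fetched from the same place as the file cannot detect this.
        forged = f"{hash_file(release, 'sha256')}  release.tar.gz\n"
        forged_result = verify(forged, "sha256", d)
    return before, after, forged_result


if __name__ == "__main__":
    for label, result in zip(("published", "after tamper", "forged checksum"), demo()):
        print(f"{label}: {result}")
```

`demo()` returns three result maps: the original file verifies (with the never-shipped entry reported as MISSING), the modified file fails, and the modified file verifies again once the checksum file is regenerated alongside it. That last result is the reason the checksum needs to come from somewhere the attacker does not control, regardless of which hash algorithm it uses.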