[oe] Recent wordpress attacks and md5sum
Justin Patrin
papercrane at gmail.com
Sun Mar 4 22:40:23 UTC 2007
On 3/4/07, Holger Freyther <zecke at selfish.org> wrote:
>
> Am 04.03.2007 um 18:53 schrieb Erik Hovland:
>
> > On Sun, Mar 04, 2007 at 05:54:08PM +0100, Holger Freyther wrote:
> >> PPS: Yeah md5 is cracked, so is the sha family, any other options?
> >
> > Use sha256sum? NIST strongly encourages users to switch to sha-256 now
> > until they finish their hash competition.
> >
> > sha256sum does come with modern versions of coreutils. SHA-256 should
> > not be compromised yet...
>
> Hi Erik,
>
> not being a crypto expert I heard complains of inbreed of the whole
> sha family. But I think sha256 is totally fine for our purpose (only
> the sums are so long...)
>
I'm not sure where you heard that but some very in the know crypto
people (at the Monotone Summit no less) are planning on moving from
SHA-1 to SHA-256. SHA-1 has not been entirely broken as of now as you
can't get a useful collision out of it. However, it is close. SHA-256
doesn't have this problem.
--
Justin Patrin
More information about the Openembedded-devel
mailing list