Securely downloading Ubuntu
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Tue Jan 29 13:36:41 UTC 2008
On Jan 28, 2008, at 5:28 PM, Neal McBurnett wrote:
> Cryptographers are nervous about not only MD5, but also all the
> functions in the same class, which includes SHA-1 and SHA-256. The
> latter ones use more bits and thus have more life in them than MD5
This is an oversimplification. The SHA-2 family is not merely a longer
SHA-1; while closely based on SHA-1, the SHA-2 compression function is
different enough that the resulting hashes are much stronger, and
practical attacks on SHA-2 are considered unlikely in at least the
next ten years.
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org
More information about the Ubuntu-devel-discuss
mailing list