Securely downloading Ubuntu
Lars Wirzenius
lars at canonical.com
Mon Jan 28 14:44:05 GMT 2008
On ti, 2008-01-22 at 19:32 +0000, Chris Lamb wrote:
> However, the MD5 digest algorithm is utterly broken
How broken is it? Can one reasonably expect that a well-provisioned
attacker can create an MD5SUMS file that has the wrong content but still
matches the GnuPG signature?
(I'm all in favor of moving to SHA256 or whatever is considered best
practice these days. I've just not heard that MD5 is really as broken as
I think Chris suggests here.)
More information about the ubuntu-devel
mailing list