[oe] Recent wordpress attacks and md5sum
papercrane at gmail.com
Sun Mar 4 23:40:23 CET 2007
On 3/4/07, Holger Freyther <zecke at selfish.org> wrote:
> Am 04.03.2007 um 18:53 schrieb Erik Hovland:
> > On Sun, Mar 04, 2007 at 05:54:08PM +0100, Holger Freyther wrote:
> >> PPS: Yeah md5 is cracked, so is the sha family, any other options?
> > Use sha256sum? NIST strongly encourages users to switch to sha-256 now
> > until they finish their hash competition.
> > sha256sum does come with modern versions of coreutils. SHA-256 should
> > not be compromised yet...
> Hi Erik,
> not being a crypto expert I heard complains of inbreed of the whole
> sha family. But I think sha256 is totally fine for our purpose (only
> the sums are so long...)
I'm not sure where you heard that but some very in the know crypto
people (at the Monotone Summit no less) are planning on moving from
SHA-1 to SHA-256. SHA-1 has not been entirely broken as of now as you
can't get a useful collision out of it. However, it is close. SHA-256
doesn't have this problem.
More information about the Openembedded-devel