Re: Securely downloading Ubuntu

On ti, 2008-01-22 at 19:32 +0000, Chris Lamb wrote:
> However, the MD5 digest algorithm is utterly broken

How broken is it? Can one reasonably expect that a well-provisioned
attacker can create an MD5SUMS file that has the wrong content but still
matches the GnuPG signature?

(I'm all in favor of moving to SHA256 or whatever is considered best
practice these days. I've just not heard that MD5 is really as broken as
I think Chris suggests here.)



--
ubuntu-devel mailing list
ubuntu-devel@...
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel