FreeBSD-7.0-Beta2 (i386) on Opteron?

Ivan Voras ivoras at freebsd.org
Thu Nov 15 02:45:10 PST 2007


Aryeh M. Friedman wrote:
> 
>> Sounds like you might have a corrupted installation.  Did you
>> verify the MD5 checksum on the ISO images?
> This is completely off topic but MD5 is not secure:
> http://www.infosec.sdu.edu.cn/paper/md5-attack.pdf
> 
> Similar weaknesses have been found in the entire MD/SHA families.

It may not be secure for deliberate attacks (probably on short messages)
but it's still safe as a "checksum" for random corruption, and I believe
also for passwords (i.e. /etc/passwd) since a) the attacker usually
doesn't know the hash in advance, b) the widely used passwd hash
algorithm is not pure MD5 but involves many passes of an MD5-like loop
(designed I think by phk), and c) it uses "salting" on top of all that.
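
Added example, not part of the original post and not FreeBSD's own code: a Python re-implementation of the `$1$` (md5-crypt) password scheme, showing the salt and the 1000-pass loop that points (b) and (c) refer to. The sample password and salts are constructed, and the function names are this example's own.

```python
import hashlib

# crypt(3)-style base64 alphabet
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$1$"

def _to64(value, count):
    # Emit 6 bits at a time, least significant first.
    out = ""
    for _ in range(count):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out

def md5_crypt(password: bytes, salt: bytes) -> str:
    salt = salt[:8]  # the scheme uses at most 8 salt characters
    alt = hashlib.md5(password + salt + password).digest()
    ctx = hashlib.md5(password + MAGIC + salt)
    remaining = len(password)
    while remaining > 0:  # mix in the alternate digest, one password length's worth
        ctx.update(alt[:min(16, remaining)])
        remaining -= 16
    n = len(password)
    while n:  # one byte per bit of the password length
        ctx.update(b"\x00" if n & 1 else password[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):  # the "many passes" that slow down guessing
        r = hashlib.md5()
        r.update(password if i & 1 else final)
        if i % 3:
            r.update(salt)
        if i % 7:
            r.update(password)
        r.update(final if i & 1 else password)
        final = r.digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64(final[a] << 16 | final[b] << 8 | final[c], 4)
    out += _to64(final[11], 2)
    return "$1$" + salt.decode("ascii") + "$" + out

def demo():
    pw = b"correct horse"  # constructed sample password shared by two users
    return {"plain_md5": hashlib.md5(pw).hexdigest(),
            "alice": md5_crypt(pw, b"Xk3p9Qz1"),  # constructed salts
            "bob": md5_crypt(pw, b"a7Lm2RwT")}

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Two users with the same password get unrelated hash strings because the salts differ, whereas a plain MD5 of the password would be identical for both and could be looked up in a precomputed table.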



