online cheksum verification for FreeBSD
Daniel Roethlisberger
daniel at roe.ch
Wed Mar 10 22:18:04 UTC 2010
Elmar Stellnberger <elmstel at gmail.com> 2010-03-10:
> > I notice that your tool only appears to store MD5 hashes - I presume
> > you are aware that the MD5 algorithm has been shown to have a number
> > of weaknesses and is not recommended for new applications. This
> > is why FreeBSD has moved to using a combination of MD5 and SHA256.
>
> Yes, we should use SHA-1 (or possibly a combination of SHA-1
> and MD5) for FreeBSD. For openSUSE I had to use what has been
> available.
SHA-1 is not recommended for new applications either. You should
probably use SHA-256.
Peter Jeremy <peterjeremy at acm.org> 2010-03-10:
> Also, your website mentions DSA is unsafe. Could you please
> provide a reference for this claim as I am unaware of any
> results suggesting that DSA is less secure than RSA.
That claim might be based in the fact that original DSS limited
DSA key size to 1024 bits. Since 2k and 3k DSA is available
these days, the claim that DSA is unsafe seems outdated.
--
Daniel Roethlisberger
http://daniel.roe.ch/
More information about the freebsd-security
mailing list