[SoaS] File integrity (was: Re: [Systems] mirror management system)
Sascha Silbe
sascha-ml-ui-sugar-systems at silbe.org
Mon Oct 12 14:15:01 EDT 2009
On Mon, Oct 12, 2009 at 12:11:46PM -0500, David Farning wrote:
> 3. Security. We are going to have to consider that mirrors can be
> hijacked. ISOs will have to be shipped with md5 hashes.
MD5 is a very bad choice for authentication; it should be considered
broken. SHA-1 is starting to "fail" as well (but currently fine); AFAIK
SHA-256 should be safe choice mid-term.
If you only want to guard against technical failures (corrupted
download), MD5 is still fine of course.
CU Sascha
--
http://sascha.silbe.org/
http://www.infra-silbe.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: Digital signature
Url : http://lists.sugarlabs.org/archive/soas/attachments/20091012/155edd75/attachment.pgp
More information about the SoaS
mailing list