[SoaS] File integrity (was: Re: [Systems] mirror management system)

Sascha Silbe sascha-ml-ui-sugar-systems at silbe.org
Mon Oct 12 14:15:01 EDT 2009


On Mon, Oct 12, 2009 at 12:11:46PM -0500, David Farning wrote:

> 3. Security.  We are going to have to consider that mirrors can be
> hijacked.  ISOs will have to be shipped with md5 hashes.
MD5 is a very bad choice for authentication; it should be considered 
broken. SHA-1 is starting to "fail" as well (but currently fine); AFAIK 
SHA-256 should be safe choice mid-term.
If you only want to guard against technical failures (corrupted 
download), MD5 is still fine of course.

CU Sascha

-- 
http://sascha.silbe.org/
http://www.infra-silbe.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: Digital signature
Url : http://lists.sugarlabs.org/archive/soas/attachments/20091012/155edd75/attachment.pgp 


More information about the SoaS mailing list