[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Guile 1.7.91 has been released.
|
From: |
Marius Vollmer |
|
Subject: |
Re: Guile 1.7.91 has been released. |
|
Date: |
Mon, 13 Feb 2006 21:50:28 +0200 |
|
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux) |
address@hidden (Ludovic Courtès) writes:
> BTW, I'd strongly recommend using SHA1 sums (e.g., via `sha1sum', part
> of GNU Coreutils) rather than MD5.
Yeah, that's probably best.
> See the example at http://www.cits.rub.de/MD5Collisions/ if in
> doubt. ;-)
Well, they get to choose both texts that have a MD5 collision.
Looking at the PostScript source reveals that the texts have been
rigged, which should be enough if this goes to court. In our case, an
attacker would need to find a second meaningful text that collides
with the text that we provide. I guess that is much harder to do.
And the tarball is signed with a SHA1 hash anyway. Maybe I should
include the signature in the announcement and not a checksum...
--
GPG: D5D4E405 - 2F9B BCCC 8527 692A 04E3 331E FAF8 226A D5D4 E405
- Guile 1.7.91 has been released., Marius Vollmer, 2006/02/12
- Re: Guile 1.7.91 has been released., Bill Schottstaedt, 2006/02/13
- Re: Guile 1.7.91 has been released., Kevin Ryde, 2006/02/13
- Re: Guile 1.7.91 has been released., Bill Schottstaedt, 2006/02/13
- Re: Guile 1.7.91 has been released., Kevin Ryde, 2006/02/13
- Re: Guile 1.7.91 has been released., Bill Schottstaedt, 2006/02/13
- Re: Guile 1.7.91 has been released., Kevin Ryde, 2006/02/13
- Re: Guile 1.7.91 has been released., Kevin Ryde, 2006/02/13
- Re: Guile 1.7.91 has been released., Bill Schottstaedt, 2006/02/14