In article <[🔎] E10ucwT-0004pM-00@polya> you write: >AFAIK, Jules is correct: MD5 sums are only cryptographically secure >(and there was a cryptic announcement by RSA which even throws that >into some doubt) if the correct length of the plaintext is also >known. Just curious: Is there anywhere I can find a reference (eg online) to the limitations of MD5sums? There is a program called md5sum that calculates or checks the md5sums of given files - perhaps this should really output the file size, too... ie if you are going to occupy disk space to save MD5sums, you might as well include the file length, too... Same for md5sums in Debian packages. Anyway, just my thoughts on the matter... I see that *.dsc and *.changes files already have the file size as well as the MD5sum so that should make these secure (assuming you believe MD5sums are secure). How secure are MD5sums??? -- Brian May <bam@snoopy.apana.org.au>
Attachment:
pgp3rdHd04Kc7.pgp
Description: PGP signature