Fedora Linux Support Community & Resources Center

Home Forums Posting Rules Linux Help Fedora Set-Up Guides Ask Fedora Fedora Project
Go Back   FedoraForum.org > Community Lounge > Wibble
Reload this Page md5
FedoraForum Search
Forgot Password? Join Us!
Register All Albums FAQ Search Today's Posts Mark Forums Read

Wibble A place to have a sensible chat, about anything non linux related. Please remember that political and religious topics are not permitted.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 6th August 2012, 08:53 PM
Pinback's Avatar
Pinback Offline
Registered User
  
Join Date: Aug 2012
Location: Notlob, Lancs ENGLAND
Posts: 5
linuxopera
md5
hi, i'm new here.

Just downloaded my first file and wanted to verify it.
So i looked for the md5 ... and couldn't find it!
So i searched and found that someone else had asked the question in 2009.
The answer given was:

Fedora doesn't use MD5 checksums any more because of the weaknesses found in the algorithm

Am i not right in saying that it was only a theoretical weakness that was found?
And that this "weakness" is still more than 10 times less likely than a DNA match?
Last edited by Pinback; 6th August 2012 at 08:53 PM. Reason: speeling mistook
Reply With Quote
  #2  
Old 6th August 2012, 08:56 PM
bob's Avatar
bob Online
Administrator (yeah, back again)
  
Join Date: Jul 2004
Location: Colton, NY; Junction of Heaven & Earth (also Routes 56 & 68).
Age: 67
Posts: 21,213
linuxfirefox
Re: md5
Um, since we're not Fedora Project, just a private Forum for working with Fedora, you really want to address any changes to Bugzilla (check the Fedora Project link above for info) the Project's request line. Meanwhile, sha256 is the method that Fedora now uses.

As to the hypothetical question involved, that really needs to be in Wibble, since it's really not about Fedora, just about the MD5 issue. I'll move it there.

BTW, from the FedoraProject site, here's their explanation on F14:
Quote:
Verify Fedora

Fedora does not publish MD5 or SHA1 hashes to verify images since they are not secure enough. Instead we have been using SHA256 since Fedora 11. In Linux, you can use sha256sum command (part of coreutils and installed by default) to verify the Fedora image
__________________
Linux & Beer - That TOTALLY Computes!
Registered Linux User #362651


Don't use any of my solutions on working computers or near small children.
Last edited by bob; 6th August 2012 at 09:05 PM.
Reply With Quote
  #3  
Old 6th August 2012, 09:26 PM
Pinback's Avatar
Pinback Offline
Registered User
  
Join Date: Aug 2012
Location: Notlob, Lancs ENGLAND
Posts: 5
linuxopera
Re: md5
Cheers for moving the post bob.
I wasn't intending to "report" it, i simply wanted to start a chat about it.
What do others think about it's "lack of security".
Maybe with the hope that there might be a cryptologist on the forum ...
__________________
Regards,
Pinback
Reply With Quote
  #4  
Old 7th August 2012, 12:28 AM
RupertPupkin's Avatar
RupertPupkin Offline
Registered User
  
Join Date: Nov 2006
Location: Detroit
Posts: 4,616
linuxfedorafirefox
Re: md5
So you're asking why Fedora would choose to use a more secure algorithm instead of a weaker one?
__________________
OS: Fedora 18 x86_64 | CPU: AMD64 3700+ 2.2GHz | RAM: 2GB PC3200 DDR | Disk: 160GB PATA | Video: ATI Radeon 7500 AGP 64MB | Sound: Turtle Beach Santa Cruz CS4630 | Ethernet: Realtek 8110SC
Reply With Quote
  #5  
Old 7th August 2012, 01:02 AM
pete_1967 Online
Clueless in a Cuckooland
  
Join Date: Mar 2006
Location: Here now, elsewhere tomorrow.
Posts: 3,923
linuxfirefox
Re: md5
http://en.wikipedia.org/wiki/MD5
http://www.win.tue.nl/hashclash/rogue-ca/
http://blog.mozilla.org/security/200...icate-forgery/
http://www.sslshopper.com/article-md...e-created.html
http://www.perlmonks.org/?node_id=386193

Enough reasons not to use MD5 for starters?
__________________
A Drink is Not Just For Christmas - SaskyCom :thumb:


“Give a man a fish; you have fed him for today. Teach a man to fish; and you have fed him for a lifetime” so now go and...
RTFM FIRST: http://docs.fedoraproject.org/ & http://rute.2038bug.com/index.html.gz
Reply With Quote
  #6  
Old 8th August 2012, 01:55 PM
Pinback's Avatar
Pinback Offline
Registered User
  
Join Date: Aug 2012
Location: Notlob, Lancs ENGLAND
Posts: 5
linuxopera
Re: md5
1)
as i said, i thought that it was only a theoretical issue but clearly it is not
"group of researchers described how to create a pair of files that share the same MD5 checksum"

2)
my plan was to simply start a chat about this issue.

thanks for your replies
__________________
Regards,
Pinback
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


Current GMT-time: 17:30 (Tuesday, 21-05-2013)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.
Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

 FedoraForum is Powered by RedHat