Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 10 Mar 2010 23:18:01 +0100
From:      Daniel Roethlisberger <daniel@roe.ch>
To:        freebsd-security@freebsd.org
Cc:        Elmar Stellnberger <elmstel@gmail.com>
Subject:   Re: online cheksum verification for FreeBSD
Message-ID:  <20100310221801.GD68311@calvin.ustdmz.roe.ch>
In-Reply-To: <4B97C1D1.7050209@gmail.com>
References:  <4B97AB28.8060403@gmail.com> <20100310185328.GD37825@server.vk2pj.dyndns.org> <4B97C1D1.7050209@gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Elmar Stellnberger <elmstel@gmail.com> 2010-03-10:
> > I notice that your tool only appears to store MD5 hashes - I presume
> > you are aware that the MD5 algorithm has been shown to have a number
> > of weaknesses and is not recommended for new applications.  This
> > is why FreeBSD has moved to using a combination of MD5 and SHA256.
> 
> Yes, we should use SHA-1 (or possibly a combination of SHA-1
> and MD5) for FreeBSD.  For openSUSE I had to use what has been
> available.

SHA-1 is not recommended for new applications either.  You should
probably use SHA-256.

Peter Jeremy <peterjeremy@acm.org> 2010-03-10:
> Also, your website mentions DSA is unsafe.  Could you please
> provide a reference for this claim as I am unaware of any
> results suggesting that DSA is less secure than RSA.

That claim might be based in the fact that original DSS limited
DSA key size to 1024 bits.  Since 2k and 3k DSA is available
these days, the claim that DSA is unsafe seems outdated.

-- 
Daniel Roethlisberger
http://daniel.roe.ch/



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100310221801.GD68311>