lucene-solr-dev mailing list archives

From "Yoav Shapira" <>
Subject Re: Re: "correct" format for the md5 files?
Date Fri, 08 Dec 2006 23:22:33 GMT
BTW, for those concerned, there's nothing at the ASF that says you
must use only MD5.  You can add SHA-1 or any other algorithm if you
want.  See Ant for example: they've been doing MD5 and SHA-1 side by
side for years now (


On 12/8/06, Yonik Seeley <> wrote:
> On 12/8/06, Chris Hostetter <> wrote:
> > : It _is_ a valid concern in general (I would never use md5 as a
> > : cryptographic hash, e.g., for passwords), but significantly less of a
> > : concern for this use.  The most important role of the hash is to
> > : ensure no corruption occurred during transfer.
> >
> > Bingo:  We checksum the files with MD5, we sign the files with GPG
> And the standard digital signature content hash is defined to be SHA-1
> AFAIK.  And yes, someone has managed to find a way to get collisions
> in SHA1 hashes in less time than it would take to purely guess at
> random.  But let's be serious... for our projects it's going to be far
> easier and cheaper to circumvent the encryption than break it.
> When PGP/GPG switch to a different mechanism by default, so will we.
> -Yonik
