Date: Thu, 15 Nov 2007 11:48:19 +0100 From: Ivan Voras <ivoras@freebsd.org> To: freebsd-questions@freebsd.org Subject: Re: FreeBSD-7.0-Beta2 (i386) on Opteron? Message-ID: <fhh7ur$2p0$1@ger.gmane.org> In-Reply-To: <473B819A.1000802@gmail.com> References: <1134a9e0711141440w49740a0dvf9d73e06ba122eca@mail.gmail.com> <473B8062.8030508@FreeBSD.org> <473B819A.1000802@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Aryeh M. Friedman wrote: > >> Sounds like you might have a corrupted installation. Did you >> verify the MD5 checksum on the ISO images? > This is completely off topic but MD5 is not secure: > http://www.infosec.sdu.edu.cn/paper/md5-attack.pdf > > Similar weaknesses have been found in the entire MD/SHA families. It may not be secure for deliberate attacks (probably on short messages) but it's still safe as a "checksum" for random corruption, and I believe also for passwords (i.e. /etc/passwd) since a) the attacker usually doesn't know the hash in advance, b) the wildly used passwd hash algorithm is not pure MD5 but involves many passes of a MD5-like loop (designed I think by phk), and c) it uses "salting" on top of all that.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?fhh7ur$2p0$1>