[Cryptography] let's kill md5sum!
Tom Mitchell
mitch at niftyegg.com
Sat Jun 6 15:42:17 EDT 2015
On Fri, Jun 5, 2015 at 7:22 PM, Zooko Wilcox-OHearn <
zooko at leastauthority.com> wrote:
> Dear Perry's Crypto List folks:
>
> The time has come to kill off md5sum. Here's the letter I wrote to the
> GNU coreutils project advocating replacing md5sum with b2sum (BLAKE2)
>
........
> Any suggestions?
>
Well killing it is not an easy option. Storage and historic data
might have a md5 check sum to validate it. Many more cases
will turn up to the point that killing it is not an option.
As indicated data structures and data fields are constrained
and since the value is not the same even truncating should
not be an option (think strict type checking here).
Reread the awk, nawk, gawk name and transition history
to see how deeply some things are inserted into systems.
Compilers and compiler flags too..
There is a more general problem of "deprecating" and updating software.
System tools should have a way to invite then enforce updates.
Man and info pages are a good place to start.
Alternatives seems to be one context for managing a variety
of animals in the software barn yard.
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150606/2fe486da/attachment.html>
More information about the cryptography
mailing list