[Cryptography] Kali Linux security is a joke!

Dave Howe DaveHowe at gmx.co.uk
Tue Mar 17 15:04:48 EDT 2015


On 17/03/2015 18:35, Dave Horsfall wrote:
> On Mon, 16 Mar 2015, Henry Baker wrote:
> 
> [...]
> 
>> What's the point of verifying md5sums against official values, if Kali 
>> can't even get the "official values" securely ??
> 
> I'm a bit concerned about the use of MD5; was it not broken i.e. 
> collisions detected some years ago?

Sort of. Certainly, nothing new should be using it, as it is getting
close to the end of its useful lifetime, and it is quite practical to
create two hash targets with the same hash now (collision attack). Not
so sure about a preimage attack on something the size of an iso, but no
doubt that will come in time.

The Debian package file itself has multiple hashes, including sha256, so is
probably secure for at least our lifetimes :)
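
The multi-hash check mentioned in the message above, as an added example that is not part of the original post or of Debian's own tooling: it parses a Packages-style stanza (the `MD5sum`, `SHA1` and `SHA256` fields), requires every listed digest to match, and rejects a stanza that offers only MD5. The package name, sample payload and `make_stanza` helper are constructed for illustration.

```python
import hashlib

# Digest fields of a Debian Packages stanza -> hashlib names, weakest first.
FIELDS = {"MD5sum": "md5", "SHA1": "sha1", "SHA256": "sha256"}
STRONG = {"SHA256"}  # digests still considered collision resistant

def parse_stanza(text):
    """Parse one 'Field: value' control stanza into a dict."""
    fields = {}
    for line in text.strip().splitlines():
        if line[:1] in (" ", "\t"):  # continuation lines are not needed here
            continue
        name, _, value = line.partition(":")
        fields[name.strip()] = value.strip()
    return fields

def verify(data, stanza):
    """Return (ok, reason): all listed digests must match, one must be strong.

    The stanza itself must come from an authenticated source (for example a
    signed index); a digest fetched over the same untrusted channel as the
    file proves nothing.
    """
    fields = parse_stanza(stanza)
    if "Size" in fields and int(fields["Size"]) != len(data):
        return False, "size mismatch"
    checked = set()
    for name, algo in FIELDS.items():
        if name in fields:
            if hashlib.new(algo, data).hexdigest() != fields[name].lower():
                return False, f"{name} mismatch"
            checked.add(name)
    if not checked & STRONG:
        return False, "no collision-resistant digest listed"
    return True, "ok: " + ",".join(sorted(checked))

def make_stanza(data, fields=FIELDS):
    """Build a constructed sample stanza for the given payload."""
    lines = ["Package: example-pkg", f"Size: {len(data)}"]
    lines += [f"{n}: {hashlib.new(a, data).hexdigest()}" for n, a in fields.items()]
    return "\n".join(lines)

SAMPLE = b"constructed sample package payload\n"  # not a real package

if __name__ == "__main__":
    print(verify(SAMPLE, make_stanza(SAMPLE)))
    print(verify(SAMPLE[:-1] + b"X", make_stanza(SAMPLE)))
    print(verify(SAMPLE, make_stanza(SAMPLE, {"MD5sum": "md5"})))
```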

