[Cryptography] Kali Linux security is a joke!

CodesInChaos codesinchaos at gmail.com
Thu Mar 19 13:51:29 EDT 2015

A collision attack requires attacker control over the original file.
In that case MD5 is utterly broken.
This would matter if the maintainer decided to produce two packages,
one malicious and one harmless with the same hash.

But if an attacker has no such influence they need a second pre-image
attack against the hash.
The best public (second) pre-image attacks are slightly faster than
brute-force and thus far from practical.

MD5 certainly isn't a great choice, but for software fingerprints it
isn't that big a risk.
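
An added illustration, not part of the original message: the generic cost gap between the two attacks, measured on MD5 truncated to 16 bits so both searches finish in seconds. The truncation width and all function names are assumptions made for this sketch; practical MD5 collisions come from cryptanalysis rather than this birthday search, while the second pre-image side stays close to the brute-force cost shown here.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest width (assumption for the demo); real MD5 has 128 bits


def tiny_md5(data: bytes) -> int:
    """Return the first BITS bits of MD5(data) as an integer."""
    return int.from_bytes(hashlib.md5(data).digest()[:4], "big") >> (32 - BITS)


def find_collision(label: bytes):
    """Attacker chooses BOTH messages: any two inputs with equal digests count."""
    seen = {}
    for i in count():
        msg = label + b"/candidate-%d" % i
        h = tiny_md5(msg)
        if h in seen:
            return seen[h], msg, i + 1  # pair plus number of hashes computed
        seen[h] = msg


def find_second_preimage(original: bytes):
    """The original is fixed by someone else: the search must hit ITS digest."""
    target = tiny_md5(original)
    for i in count():
        msg = b"forgery-%d" % i
        if msg != original and tiny_md5(msg) == target:
            return msg, i + 1  # match plus number of hashes computed


def compare(trials: int = 4):
    """Average hash counts for both attacks over a few constructed inputs."""
    col = sp = 0
    for t in range(trials):
        col += find_collision(b"trial-%d" % t)[2]
        sp += find_second_preimage(b"published-package-%d" % t)[1]
    return col / trials, sp / trials


if __name__ == "__main__":
    c, s = compare()
    print(f"collision: ~{c:.0f} hashes (order 2^{BITS // 2})")
    print(f"second pre-image: ~{s:.0f} hashes (order 2^{BITS})")
```

At the full 128-bit width the same generic bounds are about 2^64 hashes for a collision and 2^128 for a second pre-image.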

