This is the mail archive of the
cygwin-apps@cygwin.com
mailing list for the Cygwin project.
Re: [ITP] clamav-0.75.1-1 - A GPL virus scanner
Lapo Luchini wrote:
> Not so much OT: shouldn't we begin to use SHA256 as a file signature
> instead of MD5, gived that collisions are starting to be found? ;-)
> <http://www.schneier.com/crypto-gram-0409.html#3>
I know you were joking, but there's no need to switch away from MD5. It
was not "broken" in any meaningful way for the purposes of integrity
verification, i.e. it is still secure to preimage attacks.
And it's trivial to prove that any hash has an infinite number of
collisions.
Brian