No more MD5 checksum

Please be informed that it is suggested that we no longer trust the MD5 checksum anymore.  It is very easy to create two different binaries with the same MD5 checksum.

Samiux

We knew md5 or even sha1 are no longer trustable, but could you explain why you need to re-emphasise it today? Was any new vulnerability found recently?

TOP

Notice: The author has been banned or deleted; the content is automatically hidden.

TOP

We knew md5 or even sha1 are no longer trustable, but could you explain why you need to re-emphasise ...
cnewshk posted on 2015-5-7 17:03


A researcher found a very easy way to make the same MD5 checksum on two different binaries. Some download sites are still using MD5 checksums.

I just want to alert.

Samiux

TOP

Is there any alternative method to do an integrity check of a file?

TOP

This post was last edited by uganda_martyr on 2015-5-7 19:06
Please be informed that it is suggested that we no longer trust the MD5 checksum anymore.  It is ver ...
samiux posted on 2015-5-7 16:45


So, what do you recommend?
Grateful for your advice.

TOP

@rhino and @uganda_martyr,

I may not be right but I suggest using sha256sum for that purpose.

Samiux

TOP

In fact, is the checksum important? The most important thing is to NEVER download any software from untrusted sources, e.g. pirated versions on mainland forums, etc.

TOP

In fact, is the checksum important? The most important thing is to NEVER download any software from untrusted s ...
lazyfai posted on 2015-5-7 21:47


Maybe you are right. However, I am sorry to tell you: do not trust what you have downloaded even if you do not download from untrusted sources.

Samiux

TOP

Yes, you are right too.
In fact, if a hacker can replace a file on a download site with another file, he should be able to change the md5 or even sha256sum listed on the site as well.

TOP
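As an added example (not posted by anyone in this thread), here is one way to apply the sha256sum suggestion above while taking the last post's point into account: the expected digest is passed in by the user, who should obtain it from somewhere other than the page serving the file. The function name `verify_sha256` and its exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check a downloaded file against a SHA-256 digest.
# Exit codes (convention assumed for this example):
#   0 = digest matches, 1 = digest mismatch, 2 = unusable input.

verify_sha256() {
    file=$1
    # Sites publish digests in upper or lower case; normalise to lower.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # SHA-256 is exactly 64 hex characters. A 32-character value is an
    # MD5 digest and a 40-character value is SHA-1: refuse both instead
    # of silently comparing against a weaker hash.
    case ${#expected} in
        64) ;;
        32) echo "refusing MD5 digest" >&2; return 2 ;;
        40) echo "refusing SHA-1 digest" >&2; return 2 ;;
        *)  echo "not a SHA-256 digest" >&2; return 2 ;;
    esac
    case $expected in
        *[!0-9a-f]*) echo "digest has non-hex characters" >&2; return 2 ;;
    esac

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Read the file on stdin so the output is always "<digest>  -",
    # whatever characters the file name contains.
    actual=$(sha256sum < "$file" | cut -d' ' -f1)

    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage: verify_sha256 ./download.iso <digest from a separate channel>
```

A match only shows that the file is the one the digest was computed from; it says nothing about whether the place the digest came from is trustworthy.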