[Bug 1883983] Re: MD5 is comprehensively broken at this point
Axel Beckert
1883983 at bugs.launchpad.net
Wed Jun 17 22:11:53 UTC 2020
debsums uses MD5 because dpkg uses MD5.
** Also affects: dpkg (Ubuntu)
Importance: Undecided
Status: New
** Bug watch added: Debian Bug tracker #849377
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849377
** Also affects: debsums (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849377
Importance: Unknown
Status: Unknown
** Bug watch added: Debian Bug tracker #540215
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540215
** Also affects: debhelper (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540215
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to dpkg in Ubuntu.
https://bugs.launchpad.net/bugs/1883983
Title:
MD5 is comprehensively broken at this point
Status in debsums package in Ubuntu:
New
Status in dpkg package in Ubuntu:
New
Status in debhelper package in Debian:
Unknown
Status in debsums package in Debian:
Unknown
Bug description:
https://en.wikipedia.org/wiki/MD5#Collision_vulnerabilities - MD5 is
comprehensively broken at this point. Debsums still claims to be using
md5.
Perhaps it is time to either remove debsums as being insufficient to
the task, or upgrade the hash that debsums uses to a stronger hash.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/debsums/+bug/1883983/+subscriptions
More information about the foundations-bugs
mailing list