lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAE2F3rDymUUDyXrxFyhSGe4k1jrsZih2DbXViA23wAND=XJuyg@mail.gmail.com>
Date:   Fri, 23 Sep 2022 11:12:42 -0700
From:   Daniel Mentz <danielmentz@...gle.com>
To:     Bhaskar Chowdhury <unixbhaskar@...il.com>
Cc:     masahiroy@...nel.org, lkml <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] kernel:gen_kheaders:Replace md5sum to sha256sum

On Fri, Sep 23, 2022 at 4:06 AM Bhaskar Chowdhury <unixbhaskar@...il.com> wrote:
> Thought to apply a better encryption mechanism.

MD5 and SHA256 are secure (or, in the case of MD5, not so secure) hash
algorithms, not encryption mechanisms.

> Replace all occurance of md5sum to sha256sum .

Looking at this script, I'm not convinced that it relies on MD5 being
a cryptophically secure hash function. It appears to me as if this
script uses MD5 to simply detect innocent changes to a set of files as
opposed to guarding against malicious attacks. I also found that
sha256sum takes almost three times longer than md5sum. So, in the
absence of security requirements, md5sum might actually be the better
choice because it's faster.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ