On Sat, Nov 26, 2022 at 02:49:11PM +0100, Jiri Konecny wrote:
Adding also author of the question to the reply. Sorry for the noise.
Dne 26. 11. 22 v 14:43 Jiri Konecny napsal(a):
Hi,
I'm not a project maintainer but from my PoV this project is a bit in maintenance mode so I don't expect such a change. Also change of the hash algorithm should be done as a separate project probably -- it would mean renaming anyway. And honestly, I would expect that there are better alternatives now (did not looked for them so I might be wrong).
Brian, I guess you are the best person to ask about the project (based on the number of contributions. What do you think?
Best Regards, Jirka
Dne 22. 11. 22 v 21:49 Pappas, John W napsal(a):
Hello, I am wondering if there is a limitation on the size of hash that can be used to embed and validate. IE, why has this not moved to a more resilient hash?
There may be enough space to use a different hash, but I don't see any compelling reason to switch. md5 is still useful for integrity checking which is all that this is doing. It's not a crytographic check of the iso, it's main purpose is to let users know that something went wrong when they wrote it onto a CD, DVD, or flash drive so that they don't run into unexpected errors during the install.
FWIW it does use a string that starts with 'ISO MD5SUM = ' so in theory it could switch to a different algorithm and maintain backwards compatibility. It has 512 bytes available to use for the data.
Brian