On Sat, Nov 26, 2022 at 02:49:11PM +0100, Jiri Konecny wrote:
Adding also author of the question to the reply. Sorry for the
noise.
Dne 26. 11. 22 v 14:43 Jiri Konecny napsal(a):
> Hi,
>
> I'm not a project maintainer but from my PoV this project is a bit in
> maintenance mode so I don't expect such a change. Also change of the
> hash algorithm should be done as a separate project probably -- it
> would mean renaming anyway. And honestly, I would expect that there
> are better alternatives now (did not looked for them so I might be wrong).
>
> Brian, I guess you are the best person to ask about the project (based
> on the number of contributions. What do you think?
>
> Best Regards,
> Jirka
>
> Dne 22. 11. 22 v 21:49 Pappas, John W napsal(a):
>>
>> Hello, I am wondering if there is a limitation on the size of hash
>> that can be used to embed and validate. IE, why has this not moved
>> to a more resilient hash?
There may be enough space to use a different hash, but I don't see any
compelling reason to switch. md5 is still useful for integrity checking
which is all that this is doing. It's not a crytographic check of the
iso, it's main purpose is to let users know that something went wrong
when they wrote it onto a CD, DVD, or flash drive so that they don't run
into unexpected errors during the install.
FWIW it does use a string that starts with 'ISO MD5SUM = ' so in theory
it could switch to a different algorithm and maintain backwards
compatibility. It has 512 bytes available to use for the data.
Brian
--
Brian C. Lane (PST8PDT) - weldr.io - lorax - parted - pykickstart