Hello, I am wondering if there is a limitation on the size of hash that can be used to embed and validate. IE, why has this not moved to a more resilient hash?
Thanks so much! John
-- John Pappas DSO Engineer, C2BMC (RMS: Rotary and Mission Systems) Colorado Springs, CO (COS) (O) 719-277-5377 (M) 720-254-1442
Hi,
I'm not a project maintainer but from my PoV this project is a bit in maintenance mode so I don't expect such a change. Also change of the hash algorithm should be done as a separate project probably -- it would mean renaming anyway. And honestly, I would expect that there are better alternatives now (did not looked for them so I might be wrong).
Brian, I guess you are the best person to ask about the project (based on the number of contributions. What do you think?
Best Regards, Jirka
Dne 22. 11. 22 v 21:49 Pappas, John W napsal(a):
Hello, I am wondering if there is a limitation on the size of hash that can be used to embed and validate. IE, why has this not moved to a more resilient hash?
Thanks so much!
John
--
John Pappas
DSO Engineer, C2BMC (RMS: Rotary and Mission Systems)
Colorado Springs, CO (COS)
(O) 719-277-5377
(M) 720-254-1442
Anaconda-devel mailing list --anaconda-devel@lists.fedoraproject.org To unsubscribe send an email toanaconda-devel-leave@lists.fedoraproject.org Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/anaconda-devel@lists.fedorapro... Do not reply to spam, report it:https://pagure.io/fedora-infrastructure/new_issue
Adding also author of the question to the reply. Sorry for the noise.
Dne 26. 11. 22 v 14:43 Jiri Konecny napsal(a):
Hi,
I'm not a project maintainer but from my PoV this project is a bit in maintenance mode so I don't expect such a change. Also change of the hash algorithm should be done as a separate project probably -- it would mean renaming anyway. And honestly, I would expect that there are better alternatives now (did not looked for them so I might be wrong).
Brian, I guess you are the best person to ask about the project (based on the number of contributions. What do you think?
Best Regards, Jirka
Dne 22. 11. 22 v 21:49 Pappas, John W napsal(a):
Hello, I am wondering if there is a limitation on the size of hash that can be used to embed and validate. IE, why has this not moved to a more resilient hash?
Thanks so much!
John
--
John Pappas
DSO Engineer, C2BMC (RMS: Rotary and Mission Systems)
Colorado Springs, CO (COS)
(O) 719-277-5377
(M) 720-254-1442
Anaconda-devel mailing list --anaconda-devel@lists.fedoraproject.org To unsubscribe send an email toanaconda-devel-leave@lists.fedoraproject.org Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/anaconda-devel@lists.fedorapro... Do not reply to spam, report it:https://pagure.io/fedora-infrastructure/new_issue
On Sat, Nov 26, 2022 at 02:49:11PM +0100, Jiri Konecny wrote:
Adding also author of the question to the reply. Sorry for the noise.
Dne 26. 11. 22 v 14:43 Jiri Konecny napsal(a):
Hi,
I'm not a project maintainer but from my PoV this project is a bit in maintenance mode so I don't expect such a change. Also change of the hash algorithm should be done as a separate project probably -- it would mean renaming anyway. And honestly, I would expect that there are better alternatives now (did not looked for them so I might be wrong).
Brian, I guess you are the best person to ask about the project (based on the number of contributions. What do you think?
Best Regards, Jirka
Dne 22. 11. 22 v 21:49 Pappas, John W napsal(a):
Hello, I am wondering if there is a limitation on the size of hash that can be used to embed and validate. IE, why has this not moved to a more resilient hash?
There may be enough space to use a different hash, but I don't see any compelling reason to switch. md5 is still useful for integrity checking which is all that this is doing. It's not a crytographic check of the iso, it's main purpose is to let users know that something went wrong when they wrote it onto a CD, DVD, or flash drive so that they don't run into unexpected errors during the install.
FWIW it does use a string that starts with 'ISO MD5SUM = ' so in theory it could switch to a different algorithm and maintain backwards compatibility. It has 512 bytes available to use for the data.
Brian
anaconda-devel@lists.fedoraproject.org