[70418] branches/gsoc10-configfiles/base/src/cregistry/entry.c

Rainer Müller raimue at macports.org
Mon Aug 9 06:14:40 PDT 2010


On 2010-08-08 22:46 , Ryan Schmidt wrote:
> Is there a reason why you're using md5 and not sha1 or rmd160, or a
> combination of multiple algorithms like we do for portfile checksums?
> My understanding was that md5 is old and now considered insecure and
> should not be used for new code anymore.

There is no security required for this task, so why would it matter? The
existing code was always using MD5 for the checksum of imaged files, but
it was just not being stored in registry2.0 (registry1.0 did).

This is only used to check if a file has been modified, so any checksum
algorithm will do. Why would someone specifically craft a file that
produces the same checksum just to fool this test?

Rainer


More information about the macports-dev mailing list