Timeline for Why is verifying downloads with MD5 hash considered insecure?
Current License: CC BY-SA 4.0
8 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jan 23, 2021 at 6:33 | comment | added | NReilingh | You have "heard nothing about MD5" simply because its obsolescence is old news! It has been considered vulnerable since at least 2005, whereas public SHA-1 collisions have been news in the past 5-6 years. | |
| Jan 22, 2021 at 23:23 | comment | added | eckes | Those checksums are typically not meant as a security protection as the checksum file is stored on the same website or fileserver as the ISO. But even if you wold obtain them offline, they are still 2nd pre-image resistant, so switching to a larger has is more or less cargo cult, but it doe not hurt to avoid algorithms which could fail in certain usage (besides the extra cpu and size overhead) | |
| Jan 22, 2021 at 20:06 | history | became hot network question | |||
| Jan 22, 2021 at 14:13 | vote | accept | GAD3R | ||
| Jan 22, 2021 at 14:03 | history | edited | Jeff Schaller♦ |
edited tags
|
|
| Jan 22, 2021 at 12:25 | answer | added | Gilles 'SO- stop being evil' | timeline score: 19 | |
| Jan 22, 2021 at 12:10 | history | edited | terdon♦ | CC BY-SA 4.0 |
Minor corrections
|
| Jan 22, 2021 at 12:04 | history | asked | GAD3R | CC BY-SA 4.0 |