[CentOS-announce] Using sha256sum instead of md5sum for package checksums

Mon Dec 12 12:39:04 UTC 2011
Johnny Hughes <johnny at centos.org>

There are known Collision Attacks for the MD5SUM method of hashing, so
it is possible to modify a file and make it have the same MD5SUM as
another file.  See this link for details on Collision Attacks:


Recommendation from the US-CERT concerning MD5SUM hashes:


Based on the above information, the CentOS team will be using sha256sum
(sha-2) and not md5sum to generate future hashes for posting on our
e-mail announcements to the CentOS Announce Mailing List.

Johnny Hughes
The CentOS Project

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-announce/attachments/20111212/2d12f149/attachment-0004.sig>