On Fri, 18 Mar 2005 14:46:03 -0700, Michal Jaegermann <michal@xxxxxxxxxxxx> wrote: > On Fri, Mar 18, 2005 at 02:55:44PM -0500, Ignacio Vazquez-Abrams wrote: > > > > FC4t1 uses sha1sum for some reason, not md5sum. > > Possibly because there was recently a successful crypographic attack > against SHA-1. :-) See > http://www.schneier.com/crypto-gram-0503.html > http://theory.csail.mit.edu/~yiqun/shanote.pdf > > Don't worry. It does not look like that this will be a practical > threat for signatures on distribution images, or many other things, > for quite a while yet. or rather, because of the successful cryptographic attack on md5 which appears to be approaching fast enough to be dangerous (see recent traffic on sci.crypt). The *current* SHA1 weaknesses still leave it stronger than unbroken md5.