SHA1 vs crypto doc

Hal Murray hmurray at
Fri Jan 5 16:49:19 UTC 2018

> No, SHA1 is no longer considered safe.  The first collision was generated
> early last year. The git team is considering a move to SHA-2 (I think - I
> might be out of date on this.) 

Should we fix the documentation for the upcoming release?

And update ntpkeygen.

There are comments in the documentation saying that SHA1 is required by FIPS 
140-2.  Wikipedia says several attempts to update it have died.

These are my opinions.  I hate spam.

More information about the devel mailing list