SHA1 vs crypto doc

Eric S. Raymond esr at
Fri Jan 5 17:59:53 UTC 2018

Hal Murray <hmurray at>:
> > No, SHA1 is no longer considered safe.  The first collision was generated
> > early last year. The git team is considering a move to SHA-2 (I think - I
> > might be out of date on this.) 
> Should we fix the documentation for the upcoming release?

What could we say, other than: "Both MD5 and SHA-1 have been compromised.
Don't trust either of the alternatives we actually support." :-)

> And update ntpkeygen.

Again, I'm not clear what we could do here.  The code's assuptions have dated 
badly, but...

> There are comments in the documentation saying that SHA1 is required by FIPS 
> 140-2.  Wikipedia says several attempts to update it have died. you've noted, there is no standardized replacement.

It's an unfortunate situation.  Updating ntpkeygen would be easy if we knew
what the right crypto to use were - it's only 100 lines in Python, which has
very good libraries for this sort of thing.  Alas, the Right Thing is very
ill-defined here.
		<a href="">Eric S. Raymond</a>

My work is funded by the Internet Civil Engineering Institute:
Please visit their site and donate: the civilization you save might be your own.

More information about the devel mailing list