Crypto, passwords
Kurt Roeckx
kurt at roeckx.be
Fri Jan 5 18:16:14 UTC 2018
On Fri, Jan 05, 2018 at 10:04:44AM -0500, Eric S. Raymond via devel wrote:
> > MD5 is no longer considered safe.
> > Is SHA1 considered safe? What other types should we test and/or suggest
> > people use?
>
> No, SHA1 is no longer considered safe. The first collision was generated
> early last year. The git team is considering a move to SHA-2 (I think - I
> might be out of date on this.)
For both MD5 and SHA1 it depends on what property of it is
important, which depends on how you use it. (I have no idea how
NTP uses it.) Both are still secure for preimage attacks but not for
collisions.
Kurt
More information about the devel
mailing list