Crypto, passwords

Kurt Roeckx kurt at
Fri Jan 5 18:16:14 UTC 2018

On Fri, Jan 05, 2018 at 10:04:44AM -0500, Eric S. Raymond via devel wrote:
> > MD5 is no longer considered safe.
> > Is SHA1 considered safe?  What other types should we test and/or suggest 
> > people use?
> No, SHA1 is no longer considered safe.  The first collision was generated
> early last year. The git team is considering a move to SHA-2 (I think - I
> might be out of date on this.)

For both MD5 and SHA1 it depends on what property of it is
important, which depends on how you use it. (I have no idea how
NTP uses it.) Both are still secure for preimage attacks but not for


More information about the devel mailing list