Re: SHA-1 vs SHA256 + public key

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SHA-1 vs SHA256 + public key

From:	Mark H Weaver
Subject:	Re: SHA-1 vs SHA256 + public key
Date:	Tue, 23 May 2017 02:37:31 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

I wrote:
> The hashes included in the announcement are not able to provide secure
> authentication, regardless of what hash function is used, because the
> announcement itself might have been modified

I forgot that the announcement itself was signed, which invalidates much
of what I wrote earlier.  Sorry for the noise.

I agree that we should include stronger hashes in the announcement.

      Mark

[Prev in Thread]

Current Thread

[Next in Thread]

SHA-1 vs SHA256 + public key, Mark Rijckenberg, 2017/05/22
- Re: SHA-1 vs SHA256 + public key, Mark H Weaver, 2017/05/23
  - Re: SHA-1 vs SHA256 + public key, Mark H Weaver <=
    - Re: SHA-1 vs SHA256 + public key, Ludovic Courtès, 2017/05/23

Prev by Date: Re: SHA-1 vs SHA256 + public key
Next by Date: guix package web UI?
Previous by thread: Re: SHA-1 vs SHA256 + public key
Next by thread: Re: SHA-1 vs SHA256 + public key
Index(es):
- Date
- Thread