SHA1 and MD5 have been individually compromised, but a combined hash has
not been.

Regardless, Sebb's comment that hashes are worthless for authentication and
tamper-detection is spot-on. You have to look to trusted signatures for
that.



On Thu, Jan 26, 2017 at 10:20 AM, Mike Lissner <
mliss...@michaeljaylissner.com> wrote:

> I filed a bug about this already, but I've been directed to email here
> instead. The bug I filed is:
> https://issues.apache.org/jira/browse/INFRA-12626
>
> Basically, on download pages we provide obsolete hashes for our downloads
> (MD5 and SHA1). These are meant, as I understand it, to serve two purposes.
> First, they allow you to make sure that your download succeeded. Second,
> they allow you to ensure that your download wasn't tampered with.
>
> For the first purpose: Great. They work. For the second purpose, however,
> we need to move away from MD5 and SHA1 hashes, both of which can now be
> attacked with relatively modest hardware.
>
> Browsers are moving away from SHA1 at a very fast pace. See:
>
> https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html
>
> And:
>
> https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/
>
> I don't know who's responsible for this, but my bug was closed because it's
> not the infrastructure team, and so I'm trying here.
>
> I suggest we move to SHA2 hashes for all verification purposes.
>
> Thanks,
>
> Mike
>
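
An added example, not part of the original thread: it contrasts the two purposes of a download hash discussed above. A checksum file fetched from the same mirror as the artifact catches a corrupted transfer but not a mirror that rewrites both files. The mirror contents, file name and `TRUSTED_DIGEST` are constructed, and the digest obtained out of band only stands in for the trusted signature the reply calls for.

```python
import hashlib
import hmac

def parse_checksum_file(text: str) -> str:
    """Extract the digest from a '<hex>  <filename>' (or bare-digest) checksum file."""
    token = text.strip().split()[0].lower()
    if len(token) != 64 or any(c not in "0123456789abcdef" for c in token):
        raise ValueError("not a SHA-256 hex digest")
    return token

def sha256_matches(artifact: bytes, expected_hex: str) -> bool:
    actual = hashlib.sha256(artifact).hexdigest()
    return hmac.compare_digest(actual, expected_hex)

def check_against_mirror_checksum(mirror: dict) -> bool:
    # Integrity only: the expected value comes from the same place as the file.
    return sha256_matches(mirror["artifact"], parse_checksum_file(mirror["checksum_file"]))

def check_against_trusted_digest(mirror: dict, trusted_hex: str) -> bool:
    # The expected value comes from a channel the mirror cannot rewrite (assumption).
    return sha256_matches(mirror["artifact"], trusted_hex)

def make_mirror(artifact: bytes, checksum_source: bytes = None) -> dict:
    # Hypothetical stand-in for what an HTTP mirror would serve.
    src = artifact if checksum_source is None else checksum_source
    line = hashlib.sha256(src).hexdigest() + "  release.tar.gz\n"
    return {"artifact": artifact, "checksum_file": line}

# Constructed sample data.
RELEASE = b"constructed release archive bytes v1.0\n"
TRUSTED_DIGEST = hashlib.sha256(RELEASE).hexdigest()
MIRRORS = {
    "honest": make_mirror(RELEASE),
    # Transfer was truncated; the checksum file still describes the real release.
    "corrupted": make_mirror(RELEASE[:-5], checksum_source=RELEASE),
    # Mirror replaced the artifact and regenerated the checksum file to match.
    "tampered": make_mirror(RELEASE + b"modified"),
}

def evaluate() -> dict:
    """Map mirror name -> (passes mirror checksum, passes trusted digest)."""
    return {
        name: (check_against_mirror_checksum(m),
               check_against_trusted_digest(m, TRUSTED_DIGEST))
        for name, m in MIRRORS.items()
    }

if __name__ == "__main__":
    for name, result in evaluate().items():
        print(name, result)
```

The tampered mirror passes the co-located checksum whatever hash algorithm is used, which is why the algorithm choice alone does not provide tamper detection.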
