Before anyone panics, this is not something that people who run mediawiki wikis have to worry about.
-- Brian On Friday, February 24, 2017, Pine W <wiki.p...@gmail.com> wrote: > Forwarding info that may be of interest. > > Pine > > > ---------- Forwarded message ---------- > From: Brion Vibber <bvib...@wikimedia.org> > Date: Fri, Feb 24, 2017 at 9:56 AM > Subject: [Wikitech-l] SHA-1 hash officially broken > To: Wikimedia-tech list <wikitec...@lists.wikimedia.org> > > > Google security have announced that they have a working collision attack > against the SHA-1 hash: > > https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html > > It's highly recommended to move to sha-256 where doable. > > Note that MediaWiki uses sha-1 in a number of places; in some such as > revision hashes it's advisory for tools only, but in other places like > deleted files (filearchive table) we use it for addressing, and should > consider steps to mitigate attacks swapping in alternate files during > deletion/undeletion. > > -- brion > _______________________________________________ > Wikitech-l mailing list > wikitec...@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ > MediaWiki-l mailing list > To unsubscribe, go to: > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l > _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
