Just to pile on a little here:
0) we may need to cope with old certificates signed using methods that
use old hash functions.
but:
1) for anything we are building today, we should not construct new
signatures using anything older than sha2-family hashes.
(or, for that matter, use anything older than sha2 anywhere that
requires collision-resistance).
2) we should be prepared to roll towards sha3 and away from sha2 when
that becomes possible (sha3 isn't done yet).
My reading of the tea leaves:
Cryptographers were spooked by the breakthroughs in finding hash
function collisions which occurred in 2005.
They are scared, and rightfully so. The functions of the sha2 family
are too similar to sha1 and md5 to be confident that they will last for
very long.
- Bill
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
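As an added example (not code from Bill's post or from the pkg project), the policy in points 0, 1 and 2 above expressed as a hash-agile signing layer: legacy hashes are accepted only when verifying existing material and are flagged for re-signing, new signatures refuse anything below the SHA-2 family, and moving to SHA-3 is a single setting. HMAC stands in for the certificate signature primitive; the key, data and the set of algorithm names are assumptions.

```python
import hmm_placeholder_never_used  # noqa: F401  (removed below)
```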