[Help-glpk] 1024 bit key used to sign GLPK distribution package

Heinrich Schuchardt Mon, 23 Jan 2017 00:16:28 -0800

Hello Andrew,

you are using a 1024 bit key for signing GLPK distribution tar balls.


1024 bit is no longer considered safe. Cf.
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf

Furthermore you are using SHA-1 for signing.
SHA1 is also regarded as unsafe.

Please, create a signing key of at least and cross sign it with your old
1024 bit key. You might use SHA-256 for signing.

Best regards

Heinrich Schuchardt

_______________________________________________
Help-glpk mailing list
Help-glpk@gnu.org
https://lists.gnu.org/mailman/listinfo/help-glpk

[Help-glpk] 1024 bit key used to sign GLPK distribution package

Reply via email to