On 24 Feb 2017, at 18:52, Jim Jagielski <[email protected]> wrote:
>
> I think we should start, in addition to "signing" w/ md5 and sha-1,
> using sha-256 as well.
>
> Sound OK?
That seems to match the advice of NIST, E-CRYPT and the BSI on
https://www.nrc.nl/nieuws/2017/02/24/zelfrijdende-auto-google-uber-stal-onze-robotauto-6964363-a1547533
<https://www.nrc.nl/nieuws/2017/02/24/zelfrijdende-auto-google-uber-stal-onze-robotauto-6964363-a1547533>
none of which seems that eager to push us to 385 or 512 for the next 4 years.
Though if we are updating the scripts - perhaps add sha-512 - just to
‘socialize’ it early.
Dw.
