On Fri, Feb 24, 2017 at 2:30 PM, Helmut K. C. Tessarek <tessa...@evermeet.cx> wrote:
> On 2017-02-24 12:52, Jim Jagielski wrote:
>> I think we should start, in addition to "signing" w/ md5 and sha-1,
>> using sha-256 as well.
>
> I have a question: why are you still using md5/sha1 for generating file
> hashes in the first place?
>
> No one with knowledge of hashing algos would use these hashes to validate
> a file's authenticity.

Uhm, no one uses hashes to validate authenticity unless they are transmitted through an entirely distinct channel. E.g. not your internet connection. They are useful for file completeness/error checking only.

I'd agree there is zero purpose in retaining SHA1 when SHA256 is in place. MD5 has the one distinction of being ubiquitous even on ancient OS's.

> Bottom line is that you lull people into a false sense of security by
> providing md5/sha1 hashes. People, who don't know that these algorithms
> have been broken already, might think that they are safe (by checking
> the file against the md5 hash) while in reality they are not.

And SHA256 is a means to authenticate how, exactly? We provide .asc pgp signatures exclusively for that purpose.
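The distinction drawn in this reply, as an added example that is not part of the original thread: a checksum fetched from the same place as the file catches transfer errors whichever algorithm is used, but says nothing when the file and its checksum are replaced together. The mirror layout, function names and sample bytes are constructed for illustration, and the "distinct channel" digest is assumed to have been obtained independently of the download.

```python
import hashlib

ALGOS = ("md5", "sha1", "sha256")

def digests(data: bytes) -> dict:
    """Digests as a mirror would publish them in .md5/.sha1/.sha256 files."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}

def publish(data: bytes) -> dict:
    """Hypothetical mirror directory: the file plus checksum files beside it."""
    return {"file": data, "sums": digests(data)}

def check(data: bytes, expected: dict) -> dict:
    """Per-algorithm result of comparing a download with expected digests."""
    actual = digests(data)
    return {a: actual[a] == expected[a] for a in ALGOS}

# Constructed sample data, not a real release.
RELEASE = b"constructed release tarball bytes v1\n"
# Assumption: these digests reached the user over a distinct channel.
TRUSTED_SUMS = digests(RELEASE)

def scenarios() -> dict:
    honest = publish(RELEASE)
    # Transfer error: file bytes damaged, checksum files intact.
    corrupted = dict(honest, file=RELEASE[:-1] + b"\x00")
    # Replaced content: file and checksum files regenerated together.
    replaced = publish(b"constructed substitute bytes\n")
    results = {}
    for name, mirror in (("honest", honest),
                         ("corrupted", corrupted),
                         ("replaced", replaced)):
        results[name] = {
            "same_channel": check(mirror["file"], mirror["sums"]),
            "distinct_channel": check(mirror["file"], TRUSTED_SUMS),
        }
    return results

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

In the "replaced" case all three same-channel checks pass, SHA-256 included; only the comparison against a value anchored outside the download channel fails.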