Hi! On Thu, Feb 05, 2009 at 05:31:06PM -0500, Brad wrote: >On Thursday 05 February 2009 17:18:43 Marc Balmer wrote: >> shouldn't we abandon md5 in favor of e.g. sha256?
>SHA256 has been the default for 2 years now. For ports, yes. For packages, more recently, IIRC. For the "MD5" file in the base distribution, not at all. However, I don't see it as *so very* critical. The practical attacks against MD5 are birthday attacks, not preimages for a given hash. At least not yet. Kind regards, Hannah.
