osdir.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ALL] SHA-1 vs. SHA-256


No objections from me. +1

Sent from Yahoo Mail on Android 
 
  On Sat, 19 May 2018 at 9:24, Gary Gregory<garydgregory@xxxxxxxxx> wrote:   Hi All:

Eclipse is moving to SHA-256 to validate downloads [1] alongside MD5.

We just updated to SHA-1 which apparently has been subject to a collision
attack [2].

Our newish commons-release-plugin has just been updated to SHA-1.

I'd like to add SHA-256 alongside SHA-1.

Thoughts?

[1]
https://www.eclipse.org/eclipse/news/4.8/platform_isv.php#equinox-sha-256-checksum
[2]
https://arstechnica.com/information-technology/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/