Re: Archive no longer accepts uploads signed using SHA-1 or RIPE-MD/160

To: Wouter Verhelst <wouter@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: Archive no longer accepts uploads signed using SHA-1 or RIPE-MD/160
From: Peter Palfrader <weasel@debian.org>
Date: Fri, 24 Feb 2017 14:43:13 +0000
Message-id: <[🔎] 20170224144313.GN7318@sarek.noreply.org>
Mail-followup-to: Wouter Verhelst <wouter@debian.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20170224143857.sossexkweiml5tft@grep.be>
References: <87y3wyt2f8.fsf@deep-thought.43-1.org> <[🔎] 20170224143857.sossexkweiml5tft@grep.be>

On Fri, 24 Feb 2017, Wouter Verhelst wrote:

> > or RIPE-MD/160 algorithms.
> 
> Uhh? AFAIK, RIPEMD160 is not compromised at all, not even in a
> theoretical attack. Why was this part of the decision taken?
> 
> (there is a theoretical attack against RIPEMD, but that is not the same
> thing as RIPEMD160)

It's just as short as SHA1.  There appears to be little reason to use a
digest this short in 2017.

-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/

Reply to:

Follow-Ups:
- Re: Archive no longer accepts uploads signed using SHA-1 or RIPE-MD/160
  - From: Paul Tagliamonte <paultag@debian.org>

References:
- Re: Archive no longer accepts uploads signed using SHA-1 or RIPE-MD/160
  - From: Wouter Verhelst <wouter@debian.org>

Prev by Date: Re: Archive no longer accepts uploads signed using SHA-1 or RIPE-MD/160
Next by Date: Re: Bug#856033: ITP: brailleimg -- produce text images and graphs abusing Braille glyphs
Previous by thread: Re: Archive no longer accepts uploads signed using SHA-1 or RIPE-MD/160
Next by thread: Re: Archive no longer accepts uploads signed using SHA-1 or RIPE-MD/160
Index(es):
- Date
- Thread