Re: md5 hashes used in security announcements
* Bas Steendijk:
> i have sent an email a while ago about the security implications of
> using MD5 hashes in the security announcements (DSA), but i didn't get
> any reply at all from this. has it been overlooked?
I don't know to which address you sent the address, so I don't know if
it's been overlooked.
My general take on this issue is that for this particular purpose, we
will stop using MD5 when someone comes up with an actual collision for a
hash published in a DSA. It's not that these hashes are used for
automated processing. We can't do anything about the old DSAs
containing MD5 hashes anyway.