GNU bug report logs - #37420
[PATCH] Recommend against SHA-1 for security-related applications

Previous Next

Package: emacs;

Reported by: Stefan Kangas <stefan <at> marxist.se>

Date: Mon, 16 Sep 2019 08:54:02 UTC

Severity: normal

Tags: patch

Done: Stefan Kangas <stefan <at> marxist.se>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Stefan Kangas <stefan <at> marxist.se>
To: 37420 <at> debbugs.gnu.org
Subject: bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
Date: Mon, 16 Sep 2019 10:53:27 +0200

[Message part 1 (text/plain, inline)]

SHA-1 has now seen collision attacks:
https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/

We should clarify that these attacks are not only theoretical, and
actively discourage using it in security-related applications in the
Elisp Manual.  The attached patch is an attempt at doing that.

Any comments?

Best regards,
Stefan Kangas

[0001-Recommend-against-SHA-1-for-security-related-applica.patch (text/x-patch, attachment)]

This bug report was last modified 5 years and 285 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #37420 [PATCH] Recommend against SHA-1 for security-related applications

GNU bug report logs - #37420
[PATCH] Recommend against SHA-1 for security-related applications