18 Jul
2011
18 Jul
'11
11:52 a.m.
This will just require a SHA256 in addition to an MD5 (if one is even present), that's all (for some reason I thought it was more complicated than that, but you're right). MD5s haven't exactly been broken for our purposes (there are no working preimage attacks against MD5 yet), but there is little reason to expect that it will stay this way for much longer. So yeah, scratch the flag and the corresponding config option, but we should also make SHA256 a requirement at some point. -Kerrick Staley On Jul 18, 2011 2:31 AM, "Allan McRae" <allan@archlinux.org> wrote: