On Fri, Aug 2, 2013 at 2:52 PM, Paul Wise <p...@debian.org> wrote:
> I noted[1] that some derivatives have introduced SHA512 into their
> Release files (and probably Packages/etc). I was wondering if it is
> time to drop or deprecate MD5 from the apt metadata and replace it
> with SHA512 and/or SHA-3. Thoughts?
>
SHA512 doesn't bring any advantage over SHA256. SHA-3 hasn't been standardized yet by NIST as Secure Hash Standard and doesn't bring any advantages over SHA-2 (yet). So, yeah, let's drop MD5, but don't introduce either SHA512 or SHA-3 unless there's a cryptographical need (there isn't at the moment).

O.
-- 
Ondřej Surý <ond...@sury.org>