On Fri, Jan 05, 2018 at 10:04:44AM -0500, Eric S. Raymond via devel wrote: > > MD5 is no longer considered safe. > > Is SHA1 considered safe? What other types should we test and/or suggest > > people use? > > No, SHA1 is no longer considered safe. The first collision was generated > early last year. The git team is considering a move to SHA-2 (I think - I > might be out of date on this.)
For both MD5 and SHA1 it depends on what property of it is important, which depends on how you use it. (I have no idea how NTP uses it.) Both are still secure for preimage attacks but not for collisions. Kurt _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
