[MacPorts] #63885: Replace rmd160 use in MacPorts with something else
MacPorts
noreply at macports.org
Wed Nov 10 20:25:59 UTC 2021
#63885: Replace rmd160 use in MacPorts with something else
-------------------------+--------------------
Reporter: ryandesign | Owner: (none)
Type: defect | Status: new
Priority: Normal | Milestone:
Component: base | Version:
Resolution: | Keywords:
Port: |
-------------------------+--------------------
Comment (by pmetzger):
Replying to [comment:6 ryandesign]:
> We use two algorithms so that a compromise of one algorithm does not
compromise the integrity of the files.
I think the probability of a high quality exploit that occurs without
prior warning against any of the modern hash algorithms is quite low. That
said, SHA-3 or BLAKE2/BLAKE3 are good options as I said.
We should also systematically get rid of reliance on MD5 (people with
inexpensive machines can fake that at this point) and SHA1 (people with
expensive machines can fake that at this point.)
Perry
--
Ticket URL: <https://trac.macports.org/ticket/63885#comment:9>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list