There has been a practical collision attack on SHA1: https://shattered.io/
We should move away from SHA1 and promote SHA256 instead. SHA256 should be used in places where backwards compatibility is not needed (e.g. certificate fingerprints in ipa cert-* commands).
As discussed on the devel list, we want to keep SHA1 and add SHA256.
https://www.redhat.com/archives/freeipa-devel/2017-February/msg01095.html
Metadata Update from @tkrizek: - Issue assigned to tkrizek - Issue set to the milestone: 0.0 NEEDS_TRIAGE
Metadata Update from @pvoborni: - Custom field affects_doc reset - Custom field tester adjusted to wanted - Issue close_status updated to: None - Issue set to the milestone: FreeIPA 4.5 (was: 0.0 NEEDS_TRIAGE)
master:
Metadata Update from @tkrizek: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.