On Jul 3, 2012, at 5:50 PM, PJ Eby <pje@telecommunity.com> wrote:
Otherwise, we will have this exact same problem all over again when the replacement "secure" hash is disabled by a newer version of FIPS.
Or, you know, somebody could maintain the dang software and automate the process of producing these hashes. I am slightly baffled by the tone of this thread, like the hash algorithm needs to be set in stone forever. There's a reason that most software treats hashes as pluggable: new algorithms come out every few years, you have to expect that your choice will be obsoleted for some reason (not necessarily just security!) in the future. Granted, there's no real security in this case, but why not use a hash algorithm with less probability of collision? -glyph