VoluntaryLabs / Bitpost

OSX app for Bitmessage
MIT License
210 stars 22 forks

Switch to SHA256 for binary hashes #15

Closed dionyziz closed 9 years ago

dionyziz commented 9 years ago

The website currently contains a SHA1 digest of the binary download. While specific collisions have not yet been found, there are strong indicators that this can be broken given the right amount of money. I understand that the threat model of Bitmessage thwarts powerful agencies and can protect people who are performing acts against malicious governments, which can be particularly powerful.

Under this threat model, the use of SHA1 should be sunset and we should be switching to SHA256 for these checksums.

stevedekorte commented 9 years ago

This is a good idea that I'll try to do this coming week. Thanks for the suggestion.

stevedekorte commented 9 years ago

Updated - thanks again.

dionyziz commented 9 years ago

Thanks, that's nice! :)
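The check a downloader can run once the site publishes SHA256 digests, as an added example that is not part of the original thread or of Bitpost's own code: it infers the algorithm from the length of the published hex digest, refuses SHA1-length digests outright, and compares in constant time. The names `identify`, `verify_download`, `WeakDigestError` and `demo` are hypothetical, and the file contents are constructed sample data.

```python
import hashlib
import hmac
import os
import tempfile

# Hex length -> algorithm. SHA-1 is listed only so it can be refused by name.
HEX_LEN_TO_ALGO = {40: "sha1", 64: "sha256", 128: "sha512"}
ALLOWED = {"sha256", "sha512"}


class WeakDigestError(ValueError):
    """The published digest uses an algorithm this policy refuses."""


def identify(published):
    """Normalise a published hex digest and infer its algorithm from its length."""
    digest = published.strip().lower()
    if not digest or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("digest is not hexadecimal")
    algo = HEX_LEN_TO_ALGO.get(len(digest))
    if algo is None:
        raise ValueError(f"unrecognised digest length {len(digest)}")
    if algo not in ALLOWED:
        raise WeakDigestError(f"{algo} digests are not accepted for binaries")
    return algo, digest


def verify_download(path, published, chunk=1 << 20):
    """Stream the file through the hash and compare in constant time."""
    algo, expected = identify(published)
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return hmac.compare_digest(h.hexdigest(), expected)


def demo():
    """Constructed sample: a temp file stands in for the downloaded binary."""
    data = b"constructed stand-in for a release archive\n"
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
    try:
        good = hashlib.sha256(data).hexdigest()
        bad = hashlib.sha256(data + b"x").hexdigest()
        return (verify_download(tmp.name, good.upper()),
                verify_download(tmp.name, bad))
    finally:
        os.unlink(tmp.name)
```

A matching digest only shows the file is the one the page describes, so the digest itself has to be fetched over a channel the attacker cannot rewrite.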