Closed MaggieFero closed 1 month ago
Note that Claire reviewed the draft documentation here for me in person, but I forgot to get her GitHub.
...I tagged the wrong person in that commit message, and it was actually @mhsmith I was chatting with in person. Unfortunately, it was such a small change I made it in the GitHub web UI and I'm not sure amending the message is worth a force push?
Update docs to clarify that SHA-1 is now breakable enough that the Android password matters
Updated android.rst to clarify that recent improvements to intentional SHA-1 collision development bringing the cost of an attack under USD$10k mean that you reallllly actually should change the password from default, but in a hopefully-user-friendly FUD-free way. I updated the existing description and added an admonition to emphasize that you really ought to update it.
Previously the docs said that you didn't need to change the password.
PR Checklist: