humbug / phar-updater

A thing to make PHAR self-updates easy and secure
BSD 3-Clause "New" or "Revised" License

SHA-1 is no longer secure #22

Closed (esokullu closed 7 years ago)

esokullu commented 7 years ago

https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

"We hope that our practical attack against SHA-1 will finally convince the industry that it is urgent to move to safer alternatives such as SHA-256."

padraic commented 7 years ago

Yep, we need to add a SHA256 strategy and firmly project that as preferred.
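
The check discussed in this issue, as an added example that is not phar-updater's own code or API: a downloaded PHAR is verified against a published SHA-256 digest before it replaces the current file, and a 40-character SHA-1 digest is refused rather than silently accepted. The function name `verifyAndInstall`, the file names and the sample payload are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of phar-updater): verify a downloaded PHAR
// against a published SHA-256 digest before it replaces the target file.
function verifyAndInstall(string $tmpPhar, string $publishedDigest, string $target): void
{
    // Version files often carry "digest  filename"; keep the first token only.
    $expected = strtolower(strtok(trim($publishedDigest), " \t") ?: '');

    // Require exactly 64 hex characters. A 40-character SHA-1 digest fails
    // here, so a tampered version file cannot downgrade the check.
    if (preg_match('/\A[0-9a-f]{64}\z/', $expected) !== 1) {
        throw new RuntimeException('published digest is not a SHA-256 hex string');
    }

    $actual = hash_file('sha256', $tmpPhar);
    if ($actual === false) {
        throw new RuntimeException("cannot read $tmpPhar");
    }

    // hash_equals() compares in constant time.
    if (!hash_equals($expected, $actual)) {
        @unlink($tmpPhar); // never leave an unverified update on disk
        throw new RuntimeException('SHA-256 mismatch, update discarded');
    }

    // Move into place only after verification succeeded.
    if (!rename($tmpPhar, $target)) {
        throw new RuntimeException("cannot move update into place at $target");
    }
}

// Constructed sample: a stand-in "download" and two candidate digests.
$payload = 'constructed sample payload';
$tmp     = tempnam(sys_get_temp_dir(), 'phar');
$target  = sys_get_temp_dir() . '/example-updated.phar';
file_put_contents($tmp, $payload);

$digests = ['sha1' => sha1($payload), 'sha256' => hash('sha256', $payload)];
foreach ($digests as $label => $digest) {
    try {
        verifyAndInstall($tmp, $digest, $target);
        echo "$label digest: installed\n";
    } catch (RuntimeException $e) {
        echo "$label digest: rejected ({$e->getMessage()})\n";
    }
}
@unlink($target); // clean up the constructed sample
```

A digest fetched over the same channel as the PHAR only protects against corruption and collision-based substitution; the version file still has to come from a source the updater trusts, such as an HTTPS endpoint with certificate verification enabled.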