[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package
From: |
Andrew Makhorin |
Subject: |
Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package |
Date: |
Mon, 23 Jan 2017 12:32:58 +0300 |
> you are using a 1024 bit key for signing GLPK distribution tar balls.
>
> 1024 bit is no longer considered safe. Cf.
> http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
>
> Furthermore you are using SHA-1 for signing.
> SHA1 is also regarded as unsafe.
>
AFAIK, many other GNU packages use a similar signature. See for example,
ftp://ftp.gnu.org/gnu/gcc/gcc-6.3.0/ .