[Help-glpk] 1024 bit key used to sign GLPK distribution package

help-glpk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-glpk] 1024 bit key used to sign GLPK distribution package

From:	Heinrich Schuchardt
Subject:	[Help-glpk] 1024 bit key used to sign GLPK distribution package
Date:	Mon, 23 Jan 2017 09:15:14 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.4.0

Hello Andrew,

you are using a 1024 bit key for signing GLPK distribution tar balls.

1024 bit is no longer considered safe. Cf.
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf

Furthermore you are using SHA-1 for signing.
SHA1 is also regarded as unsafe.

Please, create a signing key of at least and cross sign it with your old
1024 bit key. You might use SHA-256 for signing.

Best regards

Heinrich Schuchardt

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-glpk] 1024 bit key used to sign GLPK distribution package, Heinrich Schuchardt <=
- Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package, Andrew Makhorin, 2017/01/23
  - Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package, Heinrich Schuchardt, 2017/01/23
    - Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package, Andrew Makhorin, 2017/01/23
- Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package, Andrew Makhorin, 2017/01/23

Prev by Date: Re: [Help-glpk] glpk 4.61 release information
Next by Date: Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package
Previous by thread: [Help-glpk] glpk 4.61 release information
Next by thread: Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package
Index(es):
- Date
- Thread