Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package

help-glpk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package

From:	Andrew Makhorin
Subject:	Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package
Date:	Mon, 23 Jan 2017 12:32:58 +0300

> you are using a 1024 bit key for signing GLPK distribution tar balls.
> 
> 1024 bit is no longer considered safe. Cf.
> http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
> 
> Furthermore you are using SHA-1 for signing.
> SHA1 is also regarded as unsafe.
> 

AFAIK, many other GNU packages use a similar signature. See for example,
ftp://ftp.gnu.org/gnu/gcc/gcc-6.3.0/ .

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-glpk] 1024 bit key used to sign GLPK distribution package, Heinrich Schuchardt, 2017/01/23
- Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package, Andrew Makhorin, 2017/01/23
  - Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package, Heinrich Schuchardt, 2017/01/23
    - Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package, Andrew Makhorin, 2017/01/23
- Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package, Andrew Makhorin <=

Prev by Date: Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package
Next by Date: Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package
Previous by thread: Re: [Help-glpk] 1024 bit key used to sign GLPK distribution package
Next by thread: [Help-glpk] [Fwd: GLPK Infeasibility set inquiry]
Index(es):
- Date
- Thread