Vladimir Sitnikov <sitnikov.vladimir@gmail.com> committed on 10 Sep 19
signing plugin: use SHA512 instead of SHA1 when signing artifacts

PGP signs a digest, so MITM is still possible provided an attacker can update
the artifact in such a way that its SHA1 is intact.

Relevant article is https://medium.com/@jonathan.leitschuh/many-of-these-gpg-signatures-are-signed-with-sha-1-which-is-vulnerable-to-a-second-preimage-attack-67104d827930

Signed-off-by: Vladimir Sitnikov <sitnikov.vladimir@gmail.com>
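
An added example, not part of this commit or the project's code: a Python check that reads which digest algorithm a detached OpenPGP signature (such as an artifact's `.asc` file) records, so signatures still made over SHA1 can be flagged. The function names, the `ACCEPTED` policy set and the sample packets are assumptions constructed for illustration; the algorithm IDs and packet layout follow RFC 4880.

```python
import base64

# Digest algorithm IDs from RFC 4880 section 9.4.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
ACCEPTED = {"SHA256", "SHA384", "SHA512"}  # assumed policy, adjust as needed

def dearmor(text):
    """Decode an ASCII-armored block to its binary packet data."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]   # skip armor headers and END line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def first_packet(data):
    """Return (tag, body) of the first OpenPGP packet in data."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                       # new-format header
        tag, n = first & 0x3F, data[1]
        if n < 192:
            start, length = 2, n
        elif n < 224:
            start, length = 3, ((n - 192) << 8) + data[2] + 192
        elif n == 255:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("partial body lengths are not handled")
    else:                                  # old-format header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled")
        size = 1 << ltype                  # 1, 2 or 4 length octets
        start, length = 1 + size, int.from_bytes(data[1:1 + size], "big")
    return tag, data[start:start + length]

def signature_digest(data):
    """Name the digest algorithm recorded in a v3 or v4 signature packet."""
    tag, body = first_packet(data)
    if tag != 2:
        raise ValueError("first packet is not a signature")
    offset = {3: 16, 4: 3}.get(body[0])    # position of the hash-algorithm octet
    if offset is None:
        raise ValueError("unsupported signature version %d" % body[0])
    return HASH_NAMES.get(body[offset], "unknown(%d)" % body[offset])

# Constructed samples: header fields of a v4 signature only, not verifiable.
SAMPLE_SHA512 = bytes.fromhex("880a" "04" "00" "01" "0a" "00000000" "abcd")
SAMPLE_SHA1 = bytes.fromhex("880a" "04" "00" "01" "02" "00000000" "abcd")
```

For an armored `.asc` file, pass `dearmor(open(path).read())` to `signature_digest` and compare the result against `ACCEPTED`.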
