Uploaded image for project: 'Picard Website'
  1. Picard Website
  2. PW-96

Usage of MD5 Hash on Download site is outdated

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None

      On Picard's download page (https://picard.musicbrainz.org/downloads/) the MD5 hashes for each files are listed. Unfortunately MD5 is cryptographically broken due to hash collisions. (See: https://en.wikipedia.org/wiki/MD5#Security)

       

      Proposal: Provide SHA256 hash, or even better: PGP signature

            Unassigned Unassigned
            bhei bhei
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:

                Version Package