[PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks
Corinna Vinschen
corinna-cygwin@cygwin.com
Tue Mar 31 20:27:00 GMT 2015
On Mar 31 14:08, David A. Wheeler wrote:
> Signed-off-by: David A. Wheeler
Ugh! *Short* patches are ok for the cygwin mailing list. Short being a
handful of lines, not entire novels. Novels go to cygwin-patches, please :)
Other than that, patch looks almost ok. I only scanned it for now since
it's late in the day for me. One nit:
> +<para>
> +Up through 2015 Cygwin used the MD5 algorithm for cryptographic hashes.
> +Cygwin used both MD5 and length checks, which makes some attacks harder
> +than if Cygwin used only MD5,
> +but MD5 is no longer considered a secure cryptographic hash algorithm.
> +The 2015-02-06 update of the setup program
> +added support for the SHA-512 cryptographic hash algorithm for
> +sigining the <literal>setup.ini</literal> package list, as described in
> +<ulink url="https://cygwin.com/ml/cygwin/2015-02/msg00093.html"/>.
> +The announcement also noted that there will be a switch to SHA-512
> +checksums in the <literal>setup.ini</literal> files.
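Review bot: "sigining" in the line "sigining the <literal>setup.ini</literal> package list" is a typo for "signing". That same sentence calls SHA-512 a hash algorithm "for signing" the package list. A hash is not a signature scheme, so say that SHA-512 is the digest used in the signature over setup.ini, if that is what is meant. The closing sentence is in the future tense ("there will be a switch to SHA-512 checksums") and will date quickly in a FAQ. State the switch with its date once it has happened, and replace "Up through 2015" in the first line with that cut-over date.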
The switch has been performed 2015-03-23. I'll read it more thoroughly
tomorrow.
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat