For instance, WireGuard (VPN protocol) for Windows initially refused to install without SHA-2 so I ended up discovering TunSafe which was even easier to use than WireGuard official. Now if a program really insists on SHA-2 or nothing I’ll just find a portable version or an alternative. I’m not too keen on updating my few remaining Win7 systems because the first time I installed the SHA-2 update it borked the bootloader which has never happened with any update before. Including both SHA-1 and SHA-2 signatures doesn’t hurt but whatever. “Weaknesses” in SHA-1 are greatly exaggerated as there has never been a practical exploit, and even if you could craft say, a malicious Firefox installer with the same hash as the official installer, it would be extremely difficult to get anyone to download and use it since everyone gets it from Mozilla’s site anyway, and all the common mirror sites get the binaries directly from Mozilla too.
0 kommentar(er)
