358210 – Add support for secure checksums: SHA-2 instead of SHA-1 and MD5

Bug 358210 - Add support for secure checksums: SHA-2 instead of SHA-1 and MD5

Summary: Add support for secure checksums: SHA-2 instead of SHA-1 and MD5

Status:	RESOLVED FIXED

Alias:	None

Product:	kleopatra
Classification:	Applications
Component:	general (show other bugs)
Version:	2.2.0
Platform:	Fedora RPMs Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Andre Heinecke

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-01-19 13:05 UTC by Christian Stadelmann
Modified:	2021-03-10 21:12 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Christian Stadelmann 2016-01-19 13:05:25 UTC

Currently Kleopatra supports md5sum and sha1sum to generate checksums. Using sha256sum and sha512sum would be highly appreciated since MD5 is known to be broken for years and SHA-1 is very weak, its use is highly discouraged.

Reproducible: Always

Steps to Reproduce:
1. Open preferences
2. go to crypto operations, tab "File operations"
3. choose "Checksum program to use"

Actual Results:  
only md5sum (broken) and sha1sum (very weak) are available

Expected Results:  
sha256sum and sha512sum should be available. If possible (violation of standards?) one of those commands based on SHA-2 should be default.

Comment 1 Justin Zobel 2021-03-10 00:15:36 UTC

Thank you for the bug report.

As this report hasn't seen any changes in 5 years or more, we ask if you can please confirm that the issue still persists.

If this bug is no longer persisting or relevant please change the status to resolved.

Comment 2 Christian Stadelmann 2021-03-10 21:12:22 UTC

This issue has been fixed in a more recent version. With Kleopatra 3.1.11, the default is sha256sum. sha512sum is also available. Thanks!