Re: [MediaWiki-l] [Wikitech-l] SHA-1 hash officially broken

I think so, yes. However, this list is probably not the best forum for it, right? Speaking about MediaWIki _users_: If there's really a problem with SHA-1 in their setup, they usually (unfortunately) can't do anything about it, as it's clearly implementation and not configuration. I think (without speaking for him), that’s what Brian wanted to say :) MediaWiki users and even site admins can't change anything here, this has to be handled by developers (if site admins want to join as developers: You're welcome! :)) and they should usually subscribe to wikitech-l, too :P Best, Florian -----Ursprüngliche Nachricht----- Von: MediaWiki-l [mailto:mediawiki-l-bounces@lists.wikimedia.org] Im Auftrag von Pine W Gesendet: Freitag, 24. Februar 2017 22:28 An: MediaWiki announcements and site admin list <mediawiki-l(a)lists.wikimedia.org> Betreff: Re: [MediaWiki-l] [Wikitech-l] SHA-1 hash officially broken As someone who runs a non-WMF MediaWiki installation and might set up at least one more, it's something that I want to know about. :) More info at https://phabricator.wikimedia.org/T158986, although if I understand the conversation on the Phabricator task correctly, the consensus is that migration off of SHA-1 for MediaWiki software is important but doesn't need to happen overnight because the attack is difficult to execute; however, possible attacks on other software that still runs SHA-1 should be considered. Is that correct, Brian? Pine On Fri, Feb 24, 2017 at 1:01 PM, Brian Wolff <bawolff(a)gmail.com> wrote: _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l