Sunday, 15. January 2017
Topic: IoT - on January 15, 2017 at 11:47:00 AM CET
Rasbpian: Insecure and not trusted!
Not only is Raspbian intentionally without any way to verify integrity of download (hashes not signed), employee of Raspberry PI own admission states basically states they fear using secure crypto out of fear of being "uncompliant" with some "crypto export laws".
I work for Raspberry Pi. As for using SHA-256 over SHA-1, that then pushes the hash into the realm of crypto software which is controlled by export regulations - given the minuscule chance of collisions with SHA-1, it would cause far more problems than it solves to use SHA-256.
... Comment
