Using MD5 as the download digest checksum should come to an end. Perhaps replace the MD5 digest with a SHA2-512 checksum (the openssl sha512 command, for example, produces those). If changing this takes a long time, perhaps SHA3 should be considered, as it should be ready for "production" soon.
Greetings, a SHA1 checksum is already provided in addition.
My opinion is that most of the time using checksums is paranoid.
But sometimes the practice of checking sums helps, for example, to discover that upstream re-released a distribution without changing the version.
And one more from my practice: SF mirroring is not always reliable enough.
Once I lost a lot of time trying to debug a corrupted image of System Rescue CD.
It'd be great to deprecate SHA1 outright, as well, for at least SHA256, but SHA512 & SHA3, as well.
I think SHA256 should be the standard that gets centered around, as the industry has generally moved in that direction. I don't think I've ever seen a SHA3 hash out in the wild by anyone, and as far as I can tell, there may be no practical advantage over SHA2 algorithms.
Last edit: Tom Spettigue 2017-05-18