Hello, I noticed that crux mirrors only provide md5 hashes for verification. I recommend moving to sha256 which is a secure hash function. md5 is not a secure hash function any longer as it has several weaknesses that are not expected of a hash [1]. There are a couple instances of it being exploited in serious situations in the real world, for example [2] and [3]. Collisions can be forged on a home computer today [4]. These sort of attacks do not directly affect the way the hash is used in crux but they do demonstrate weakness in md5. I think this gives a strong case for depreciating its usage. There was a bug report about this 8 years ago which was closed <https://crux.nu/bugs/index.php?do=details&task_id=223>. If people agree in this thread then maybe that bug report could be re-opened. Thank you * [1] https://www.kb.cert.org/vuls/id/836068 * [2] https://www.win.tue.nl/hashclash/rogue-ca/ * [3] https://www.trailofbits.com/resources/flame-md5.pdf * [4] http://natmchugh.blogspot.co.uk/2014/10/how-i-created-two-images-with-same-m...