[signcode] Change default hashing algorithm from MD5 to SHA1

MD5 is considered insecure and switching the default to SHA1 should be better for everyone.

See the discussion on the mailing list: http://lists.ximian.com/pipermail/mono-devel-list/2015-December/043424.html

2 files changed, 2 insertions, 2 deletions

diff --git a/mcs/class/Mono.Security/Mono.Security.Authenticode/AuthenticodeFormatter.cs b/mcs/class/Mono.Security/Mono.Security.Authenticode/AuthenticodeFormatter.cs
index 3790c194f01..f91a3a95948 100644
--- a/mcs/class/Mono.Security/Mono.Security.Authenticode/AuthenticodeFormatter.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Authenticode/AuthenticodeFormatter.cs
@@ -77,7 +77,7 @@ namespace Mono.Security.Authenticode {
 		public string Hash {
 			get { 
 				if (hash == null)
-					hash = "MD5";
+					hash = "SHA1";
 				return hash; 
 			}
 			set {
diff --git a/mcs/tools/security/signcode.cs b/mcs/tools/security/signcode.cs
index 2e8d475e643..1a8047134c0 100644
--- a/mcs/tools/security/signcode.cs
+++ b/mcs/tools/security/signcode.cs
@@ -35,7 +35,7 @@ namespace Mono.Tools {
 			Console.WriteLine ("Usage: signcode [options] filename{0}", Environment.NewLine);
 			Console.WriteLine ("\t-spc spc\tSoftware Publisher Certificate file");
 			Console.WriteLine ("\t-v pvk\t\tPrivate Key file");
-			Console.WriteLine ("\t-a md5 | sha1\tHash Algorithm (default: MD5)");
+			Console.WriteLine ("\t-a sha1 | md5\tHash Algorithm (default: SHA1)");
 			Console.WriteLine ("\t-$ indivisual | commercial\tSignature type");
 			Console.WriteLine ("\t-n description\tDescription for the signed file");
 			Console.WriteLine ("\t-i url\tURL for the signed file");