Lars Ingebrigtsen writes: > > We should clarify that these attacks are not only theoretical, and > > actively discourage using it in security-related applications in the > > Elisp Manual. The attached patch is an attempt at doing that. > > Looks good to me. Thanks. I thought a bit more about this, and would like to suggest the attached slightly more ambitious patch which also recommends against them in the doc strings of sha1, md5 and secure-hash. (I also changed so the doc strings consistently say SHA-1 instead of SHA1, which seems to be more correct AFAICT.) Best regards, Stefan Kangas