X-Git-Url: http://git.tuebingen.mpg.de/?a=blobdiff_plain;f=NEWS.md;fp=NEWS.md;h=9e67364d9d6c2bb4dd8390e4a5ee5a524bbe5157;hb=27e8c0dca96754834fcc358cfbab548e0be69eb6;hp=a31aeaf18e04b32b496f47cea04988fd74f5536f;hpb=30f67968151619955b2e998c5ce1d4183055fcfa;p=paraslash.git

diff --git a/NEWS.md b/NEWS.md
index a31aeaf1..9e67364d 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -5,6 +5,21 @@ NEWS
 0.7.0 (to be announced) "seismic orbit"
 ---------------------------------------
 
+- Starting with paraslash-0.7.0, the sha256 hash value of each known
+  audio file is stored in the database while older versions employed the
+  sha1 hash algorithm which has been considered insecure since 2005
+  and should no longer be used today. The switch from sha1 to sha256
+  requires users to upgrade their database using the new para_upgrade_db
+  program, followed by re-adding all files to recompute the hashes. With
+  this approach all metadata stored in the database (last played date,
+  num played value, moods, playlists, attributes etc.) are kept. An
+  simpler alternative is to start over from scratch by running the
+  "init" command but this will lose these metadata.
+- Server and client now hash the session keys with sha256 rather
+  than sha1 during the initial handshake. This feature is optional and
+  backwards compatible: old clients can still connect to a new server
+  (using sha1). Also new clients can connect to an old server (again
+  using sha1).
 - The new "duration" keyword of the mood grammar makes it possible to
   impose a constraint on the duration of the admissible files.
 - The long deprecated version 1 mood syntax is no longer supported.