diff --git a/debian/changelog b/debian/changelog
index c73f96e..d3d441e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+cdebootstrap (0.7.7) UNRELEASED; urgency=medium
+
+  * Team upload.
+  * Implement SHA256 verification of .deb files (Closes: #856212).
+  * Implement SHA256 verification of Packages files.
+    - (Build-)Depend on libdebian-installer soname version 5.
+  * Disallow fallback to MD5-only verification (Closes: #856215).
+  * Remove support for SHA1 hashes, since they are no longer published
+    in Release files, and the full length of them was not previously
+    being checked against the expected values (Closes: #856213).
+
+ -- Steven Chamberlain <stevenc@debian.org>  Mon, 27 Feb 2017 15:53:40 +0000
+
 cdebootstrap (0.7.6) unstable; urgency=medium
 
   * Make generation of tar reproducible. (closes: #777737)
diff --git a/debian/control b/debian/control
index 49bb110..b61366f 100644
--- a/debian/control
+++ b/debian/control
@@ -9,7 +9,7 @@ Build-Depends:
  libbz2-dev,
  libcurl4-gnutls-dev,
  libdebconfclient0-dev (>= 0.40),
- libdebian-installer4-dev (>= 0.81~),
+ libdebian-installer5-dev,
  liblzma-dev,
  pkg-config,
  zlib1g-dev
diff --git a/src/check.c b/src/check.c
index 34e96da..9621124 100644
--- a/src/check.c
+++ b/src/check.c
@@ -32,6 +32,9 @@
 #include "frontend.h"
 #include "suite.h"
 
+/* Length of a SHA256 hash in hex representation */
+#define SHA256_HEX_LENGTH 64
+
 static int check_sum (const char *target, const char *exec, const char *sum, const char *message)
 {
   int ret;
@@ -51,14 +54,14 @@ static int check_sum (const char *target, const char *exec, const char *sum, con
   if (ret)
     return 1;
 
-  if (!strncmp (buf, sum, 32))
+  if (!strncmp (buf, sum, SHA256_HEX_LENGTH))
     return 0;
   return 1;
 }
 
 int check_deb (const char *target, di_package *p, const char *message)
 {
-  return check_sum (target, "md5sum", p->md5sum, message);
+  return check_sum (target, "sha256sum", p->sha256, message);
 }
 
 int check_packages (const char *target, const char *ext, di_release *rel)
@@ -72,14 +75,12 @@ int check_packages (const char *target, const char *ext, di_release *rel)
   snprintf (buf_file, sizeof (buf_file), "main/binary-%s/Packages%s", arch, ext);
   key.string = (char *) buf_file;
   key.size = strlen (buf_file);
-  item = di_hash_table_lookup (rel->md5sum, &key);
+  item = di_hash_table_lookup (rel->sha256, &key);
   if (!item)
     log_text (DI_LOG_LEVEL_ERROR, "Can't find checksum for Packages file");
 
   if (item->sum[1])
-    return check_sum (target, "sha1sum", item->sum[1], buf_name);
+    return check_sum (target, "sha256sum", item->sum[1], buf_name);
-  if (item->sum[0])
-    return check_sum (target, "md5sum", item->sum[0], buf_name);
   return 1;
 }