On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck <hanno@g.o> wrote:

> On Thu, 19 Oct 2017 21:08:40 +0200
> Michał Górny <mgorny@g.o> wrote:
>
> > manifest-hashes = SHA512 SHA3_512
>
> Counterproposal: Just use SHA512.
>
> There isn't any evidence that any SHA2-based hash algorithm is going to
> be broken any time soon. If that changes there will very likely be
> decades of warning before a break becomes practical.
>
> Having just one hash is simpler and using a well supported one like
> SHA512 may make things easier than using something that's still not
> very widely supported.

Yet having more than one lets you make sure nobody hijacked your
manifest file when an attack vector is inevitably discovered for the old
new algorithm (whether SHA2, SHA3, or BLAKE2), because you'll be able to
confirm the file is the same one that matched the old checksum in addition
to the new one.
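
The two-hash check discussed in this thread, as an added example that is not part of the original messages or of Portage's own code. It assumes the Gentoo Manifest `DIST <name> <size> <HASH> <hex> ...` entry layout; the file name, file contents and the hashlib name mapping are constructed for illustration.

```python
import hashlib
import hmac

# Manifest hash names mapped to hashlib names (mapping assumed for this example).
HASHLIB_NAMES = {"SHA512": "sha512", "SHA3_512": "sha3_512", "BLAKE2B": "blake2b"}
REQUIRED = ("SHA512", "SHA3_512")  # the manifest-hashes value proposed in the thread

def digest(algo, data):
    return hashlib.new(HASHLIB_NAMES[algo], data).hexdigest()

def parse_dist_line(line):
    """Parse 'DIST <name> <size> <HASH> <hex> [<HASH> <hex> ...]'."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "DIST" or len(fields) % 2 == 0:
        raise ValueError("malformed DIST entry")
    return fields[1], int(fields[2]), dict(zip(fields[3::2], fields[4::2]))

def verify(data, line, required=REQUIRED):
    """Return per-check results; every value must be True to accept the file."""
    _name, size, hashes = parse_dist_line(line)
    missing = [a for a in required if a not in hashes]
    if missing:
        # An entry lacking a required hash is rejected outright, not downgraded.
        raise ValueError("entry lacks required hashes: " + ", ".join(missing))
    results = {"size": len(data) == size}
    for algo in required:
        results[algo] = hmac.compare_digest(digest(algo, data), hashes[algo].lower())
    return results

# Constructed sample data: the published file and a same-length substitute.
GOOD = b"constructed distfile contents\n"
SWAPPED = b"constructed replaced contents\n"

ENTRY = "DIST example-1.0.tar.gz {} SHA512 {} SHA3_512 {}".format(
    len(GOOD), digest("SHA512", GOOD), digest("SHA3_512", GOOD))

# Model of a broken SHA512: the substitute matches the SHA512 field of the
# entry (set here by construction, since no real collision exists), while the
# SHA3_512 field still describes the published file.
MODEL = "DIST example-1.0.tar.gz {} SHA512 {} SHA3_512 {}".format(
    len(GOOD), digest("SHA512", SWAPPED), digest("SHA3_512", GOOD))

if __name__ == "__main__":
    print(verify(GOOD, ENTRY))      # all checks True
    print(verify(SWAPPED, MODEL))   # SHA512 True, SHA3_512 False -> reject
```
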