1 |
Michał Górny schrieb: |
2 |
> I think the first reasonable change would be to deprecate SHA256. It is |
3 |
> pretty much the same algorithm as SHA512, except for different |
4 |
> parameters. It is weaker than SHA512, and SHA512 is supported on all |
5 |
> existing platforms anyway. |
6 |
|
7 |
I think there is nothing wrong or insecure with continuing to use |
8 |
SHA256, even though it is technically weaker than SHA512. If it is |
9 |
already included in all Manifests then keeping it as standard is |
10 |
preferable I think. |
11 |
|
12 |
Some people consider having a second dissimilar algorithm at hand a good |
13 |
idea. I suggest SHA3 in that case. |
14 |
|
15 |
manifest-hashes = SHA256 SHA3-256 |
16 |
|
17 |
|
18 |
Best regards, |
19 |
Chí-Thanh Christopher Nguyễn |