1 |
Am Samstag, den 07.02.2009, 15:23 -0800 schrieb Zac Medico: |
2 |
> -----BEGIN PGP SIGNED MESSAGE----- |
3 |
> Hash: SHA1 |
4 |
> |
5 |
> Tiziano Müller wrote: |
6 |
> > Am Montag, den 02.02.2009, 12:34 -0800 schrieb Zac Medico: |
7 |
> >> For the digest format, I suggest that we use the leftmost 10 |
8 |
> >> hexadecimal digits of the SHA-1 digest. The rationale for limiting |
9 |
> >> it to 10 digits (out of 40) is to save space. Due to the avalanche |
10 |
> >> effect [2], 10 digits should be sufficient to ensure that problems |
11 |
> >> resulting from hash collisions are extremely unlikely. |
12 |
> > I'd recommend to prefix the digest with a "{TYPE}" (like for hashed |
13 |
> > passwords) to be able to change the digest algorithm as needed |
14 |
> > (especially in regards to the current SHA successor competition). |
15 |
> > This allows a future package manager which might use SHA-3 for hashing |
16 |
> > (once it's released) to still check old digests. Furthermore it would |
17 |
> > allow for easier transition and only needs a definition of allowed |
18 |
> > hashes instead of a specific one. |
19 |
> |
20 |
> I like that idea. That way it's not necessary to bump the EAPI in |
21 |
> order to change the hash function. So, a typical DIGESTS value might |
22 |
> look like this: |
23 |
> |
24 |
> SHA1 02021be38b a28b191904 3992945426 6ec21b29a3 |
25 |
|
26 |
Sleeping over it again I don't think that truncating a hash is a good |
27 |
idea (truncating it from 40 to 10 digits makes the possibility of |
28 |
collisions much much higher). |
29 |
But if you want to go this way, I'd say you should use something like |
30 |
SHA1t (t for truncated) to make sure we can use full hashes once we feel |
31 |
it's appropriate. |
32 |
|
33 |
-- |
34 |
------------------------------------------------------- |
35 |
Tiziano Müller |
36 |
Gentoo Linux Developer, Council Member |
37 |
Areas of responsibility: |
38 |
Samba, PostgreSQL, CPP, Python, sysadmin |
39 |
E-Mail : dev-zero@g.o |
40 |
GnuPG FP : F327 283A E769 2E36 18D5 4DE2 1B05 6A63 AE9C 1E30 |