1 |
On 19/10/2017 21:08, Michał Górny wrote: |
2 |
> Considering all arguments made so far, I'd like to propose changing: |
3 |
> manifest-hashes = SHA256 SHA512 WHIRLPOOL |
4 |
> to: |
5 |
> manifest-hashes = SHA512 SHA3_512 |
6 |
|
7 |
+1, fine for me |
8 |
|
9 |
> 1. The main argument for using multiple hashes is to prevent the (very |
10 |
> unlikely) possibility that if a weakness is discovered in one of |
11 |
> the hashes, the other would still hold. This is given by using two |
12 |
> algorithms; more than two do not increase security significantly, while |
13 |
> they do increase performance cost. |
14 |
|
15 |
Curious, do we have any measurements/estimates of the performance cost? |
16 |
|
17 |
Paweł |