1 |
On Sun, Jul 25, 2021 at 11:23 AM Ulrich Mueller <ulm@g.o> wrote: |
2 |
> |
3 |
> We can reiterate when there are indications that SHA512 would be broken. |
4 |
> (Then again, the same applies to BLAKE2B.) |
5 |
|
6 |
Unless both are broken at the same time you'd also have the advantage |
7 |
of not having to try to scramble to figure out whether anything was |
8 |
compromised. I get that typically hash functions are first broken in |
9 |
a way that makes them very difficult to exploit, but that isn't some |
10 |
sort of guarantee. In the very unlikely event that somebody comes up |
11 |
with a preimage attack against one of the functions, it would be even |
12 |
more unlikely that an attack would be devised against both. |
13 |
|
14 |
Sure, we're talking about low risks here, but we're also talking about |
15 |
low cost and security. When security is this cheap, why not have it? |
16 |
I mean, if people didn't care about this stuff they wouldn't bother |
17 |
migrating off of md5, and you'd have critical software like source |
18 |
code control using broken hashes like sha1. |
19 |
|
20 |
-- |
21 |
Rich |