| 1 |
On Sun, Jul 25, 2021 at 11:23 AM Ulrich Mueller <ulm@g.o> wrote: |
| 2 |
> |
| 3 |
> We can reiterate when there are indications that SHA512 would be broken. |
| 4 |
> (Then again, the same applies to BLAKE2B.) |
| 5 |
|
| 6 |
Unless both are broken at the same time you'd also have the advantage |
| 7 |
of not having to try to scramble to figure out whether anything was |
| 8 |
compromised. I get that typically hash functions are first broken in |
| 9 |
a way that makes them very difficult to exploit, but that isn't some |
| 10 |
sort of guarantee. In the very unlikely event that somebody comes up |
| 11 |
with a preimage attack against one of the functions, it would be even |
| 12 |
more unlikely that an attack would be devised against both. |
| 13 |
|
| 14 |
Sure, we're talking about low risks here, but we're also talking about |
| 15 |
low cost and security. When security is this cheap, why not have it? |
| 16 |
I mean, if people didn't care about this stuff they wouldn't bother |
| 17 |
migrating off of md5, and you'd have critical software like source |
| 18 |
code control using broken hashes like sha1. |
| 19 |
|
| 20 |
-- |
| 21 |
Rich |
Archives