Re: dpkg-sig support wanted?

To: debian-devel@lists.debian.org
Subject: Re: dpkg-sig support wanted?
From: "Steinar H. Gunderson" <sgunderson@bigfoot.com>
Date: Sat, 26 Nov 2005 13:55:02 +0100
Message-id: <[🔎] 20051126125502.GA9143@uio.no>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 87r793d90i.fsf@mid.deneb.enyo.de>
References: <[🔎] 877jb0iswl.fsf@nahar.marcbrockschmidt.de> <[🔎] 87fypntzzo.fsf@mid.deneb.enyo.de> <[🔎] 20051123160817.GB13417@cyan.localnet> <[🔎] 20051123220920.GD5414@hezmatt.org> <[🔎] 20051124023037.GE15019@cyan.localnet> <[🔎] 20051124131345.GE17550@khazad-dum.debian.net> <[🔎] 20051125025707.GD19298@cyan.localnet> <[🔎] 87wtiwh7tv.fsf@mid.deneb.enyo.de> <[🔎] 20051125231302.GD21979@cyan.localnet> <[🔎] 87r793d90i.fsf@mid.deneb.enyo.de>

On Sat, Nov 26, 2005 at 10:59:57AM +0100, Florian Weimer wrote:
> So?  If SHA256 is so much better, why is that nobody can prove it, or
> at least can provide some evidence which supports that claim?  "The
> numbers are bigger" is the main argument at this point, which is
> awfully similar to the usual snake-oil arguments (although there is a
> slight difference, of course).

In the world of cryptography, _proving_ security is rather difficult. All you
can say is "well, nobody have made any real progress towards this yet", and
then estimate approximately how much work has actually been done with regard
to breaking it.

> In terms of security, there are some better hash functions.  But those
> are academic designs, most of them based on big integer arithmetic
> instead of bit fiddling.  Currently, nobody seems to be willing to pay
> the price that comes with them.

Well, the number theory-based hashes are interesting, but they haven't been
around for a very long time (and aren't widely used yet), so nobody really
knows how well they will fare in the long run. The other part of the price is
of course speed.

/* Steinar */
-- 
Homepage: http://www.sesse.net/

Reply to:

Follow-Ups:
- Re: dpkg-sig support wanted?
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- dpkg-sig support wanted?
  - From: Marc 'HE' Brockschmidt <he@debian.org>
- Re: dpkg-sig support wanted?
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: dpkg-sig support wanted?
  - From: Matthew Palmer <mpalmer@debian.org>
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: dpkg-sig support wanted?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: dpkg-sig support wanted?
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: dpkg-sig support wanted?
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: dpkg-sig support wanted?
Next by Date: Re: Bug#340428: octave2.9 - lists mailing list as uploader in changelog
Previous by thread: Re: dpkg-sig support wanted?
Next by thread: Re: dpkg-sig support wanted?
Index(es):
- Date
- Thread