Re: dpkg-sig support wanted?
On Sat, Nov 26, 2005 at 10:59:57AM +0100, Florian Weimer wrote:
> So? If SHA256 is so much better, why is that nobody can prove it, or
> at least can provide some evidence which supports that claim? "The
> numbers are bigger" is the main argument at this point, which is
> awfully similar to the usual snake-oil arguments (although there is a
> slight difference, of course).
In the world of cryptography, _proving_ security is rather difficult. All you
can say is "well, nobody have made any real progress towards this yet", and
then estimate approximately how much work has actually been done with regard
to breaking it.
> In terms of security, there are some better hash functions. But those
> are academic designs, most of them based on big integer arithmetic
> instead of bit fiddling. Currently, nobody seems to be willing to pay
> the price that comes with them.
Well, the number theory-based hashes are interesting, but they haven't been
around for a very long time (and aren't widely used yet), so nobody really
knows how well they will fare in the long run. The other part of the price is
of course speed.
/* Steinar */