Re: dpkg-sig support wanted?
Scripsit Peter Samuelson <peter@p12n.org>
> For large files, getting a cryptographic checksum is more about reading
> blocks off the disk than about CPU time. So it wouldn't be completely
> ridiculous to allow sha-1 to remain ambiguous with competing 160-bit
> hashes, and have --check check for all of them (reading the file only
> once).
That sounds cryptographically unsafe. It would mean that a practical
preimage attack against _any_ of the supported hashes would break the
entire system. That's not the kind of algorithm agility we need.
> I still think two-byte prefixes for non-md5-non-sha1 hashes makes some
> sense, like s- for sha-256.
That is much better. But let's use "s." as a prefix and do a
[/+] -> [_-] substitution on the following base64 data. The dot
in the prefix will prevent the prefix from being mistaken as part of a
slightly larger non-tagged hash value.
>> $ dsum -a sha1 foo; sha1sum foo
>> f572d396fae9206628714fb2ce00f72e94f2258f foo
>> f572d396fae9206628714fb2ce00f72e94f2258f foo
There appears to be to few characters of hash there, at least unless
it is a cosmically weird coincidence that it base64 encodes to all hex
digits. :-)
I would expect something like
$ dsum -a sha1 COPYING; sha1sum COPYING
s.w4runjyMTV1ZT_VIob4FRTAjAW1ihpMfZRLbIV7B_UI COPYING
s.w4runjyMTV1ZT_VIob4FRTAjAW1ihpMfZRLbIV7B_UI COPYING
$ dsum -a sha1 -a md5 COPYING
s.w4runjyMTV1ZT_VIob4FRTAjAW1ihpMfZRLbIV7B_UI COPYING
4325afd396febcb659c36b49533135d4 COPYING
$ echo moooooooo | sha1sum -
s.-tUTs04N4IxBOtWpdoIXt1b0qgHIgNm9IC_OgYjm-mU -
--
Henning Makholm "But I am a Sunni Muslim," the bemused Arab said.
Reply to: