[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Release file changes

> It might be worth approaching from a pragmatic perspective... why
> generate SHA-512 checksums when you're only going to be signing a
> SHA-256 digest of that list (that is unless you want to alienate
> users of OpenPGP-compliant tools which don't implement optional
> algorithms). Is it because you feel SHA-512 is more
> tamper-resistant, or because you're worried that you might wind up
> with two entries accidentally colliding over the same SHA-256 hash
> (which is pretty unlikely statistically speaking, and even then may
> not be particularly relevant depending on the use case for the
> hashes).

Care to make a point for the gpg stuff around it within bug #612657? 

bye, Joerg
<snooze02> sind jabber und icq 2 unterschiedliche netzwerke ?

Reply to: