[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Release file changes

* Joerg Jaspert:

>>> I additionally opened a bug with apt to add support for SHA512SUM, so
>>> we can start using them. As soon as that is possible I intend to drop
>>> SHA256 and end up with SHA1/SHA512 only.
>> Please don't.  I have more faith in SHA-256 than SHA-512.
> Uhh, fine - why?

I think this question is a bit rude if faith is involved, but here we
go: the number of rounds in SHA-512 is rather small, considering its
block size and internal state space, in particular in comparison with

More practically speaking, SHA-512 would add about 450 kB of
incompressible junk to the Packages file, so we probably want to stick
to SHA-256 there.  But using different hashes in Release and Packages
files is just bloat.

Reply to: