
Re: Release file changes



* Joerg Jaspert:

>>> I additionally opened a bug with apt to add support for SHA512SUM, so
>>> we can start using them. As soon as that is possible I intend to drop
>>> SHA256 and end up with SHA1/SHA512 only.
>> Please don't.  I have more faith in SHA-256 than SHA-512.
>
> Uhh, fine - why?

I think this question is a bit rude if faith is involved, but here we
go: the number of rounds in SHA-512 is rather small, considering its
block size and internal state space, in particular in comparison with
SHA-256.

More practically speaking, SHA-512 would add about 450 kB of
incompressible junk to the Packages file, so we probably want to stick
to SHA-256 there.  But using different hashes in Release and Packages
files is just bloat.
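
Added example, not part of the original message: a measurement of how much a gzip-compressed Packages-style file grows per stanza when a SHA512 field replaces, or is added next to, the SHA256 field. The stanzas, package names and payloads are constructed for illustration, and the field layout is an assumption modelled on a Packages file; no real archive data is used.

```python
import gzip
import hashlib

def stanza(i, fields):
    """One constructed Packages-style stanza carrying the given checksum fields."""
    payload = f"constructed package payload {i}".encode()  # stands in for the .deb
    lines = [
        f"Package: example-pkg-{i}",
        "Version: 1.0-1",
        "Architecture: all",
        f"Filename: pool/main/e/example-pkg-{i}/example-pkg-{i}_1.0-1_all.deb",
        f"Size: {1000 + i}",
    ]
    for name, algo in fields:
        lines.append(f"{name}: {hashlib.new(algo, payload).hexdigest()}")
    return "\n".join(lines) + "\n\n"

def gz_size(count, fields):
    """Size in bytes of the gzip-compressed file with `count` stanzas."""
    data = "".join(stanza(i, fields) for i in range(count)).encode()
    return len(gzip.compress(data, 9))

def per_stanza_cost(count=2000):
    """Compressed bytes per stanza that SHA512 costs relative to SHA1+SHA256."""
    sha1, sha256, sha512 = ("SHA1", "sha1"), ("SHA256", "sha256"), ("SHA512", "sha512")
    base = gz_size(count, [sha1, sha256])
    swapped = gz_size(count, [sha1, sha512])        # SHA512 instead of SHA256
    added = gz_size(count, [sha1, sha256, sha512])  # SHA512 alongside SHA256
    return {"swap": (swapped - base) / count, "add": (added - base) / count}

if __name__ == "__main__":
    cost = per_stanza_cost()
    # A digest is effectively random, so each extra hex character still costs
    # roughly half a byte after compression; the repeated field name costs little.
    print(f"replace SHA256 with SHA512: +{cost['swap']:.1f} compressed bytes per stanza")
    print(f"add SHA512 next to SHA256:  +{cost['add']:.1f} compressed bytes per stanza")
```

Multiplying the per-stanza figure by the number of stanzas in an actual Packages file gives the total growth for that file.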

