
Re: Release file changes

>>>> I additionally opened a bug with apt to add support for SHA512SUM, so
>>>> we can start using them. As soon as that is possible I intend to drop
>>>> SHA256 and end up with SHA1/SHA512 only.
>>> Please don't.  I have more faith in SHA-256 than SHA-512.
>> Uhh, fine - why?
> I think this question is a bit rude if faith is involved, but here we
> go:

Not intended to be rude, but you asked to not do something. So I want to know
why, as I'm not of the faith... :)

> the number of rounds in SHA-512 is rather small, considering its block
> size and internal state space, in particular in comparison with
> SHA-256.


> More practically speaking, SHA-512 would add about 450 kB of
> incompressible junk to the Packages file, so we probably want to stick
> to SHA-256 there.  But using different hashes in Release and Packages
> files is just bloat.

We are not (yet?) speaking about the other files, *right* now this is
about the Release file. Yes, in the future the rest has to come up too.
Though, 450k in a Packages file of nearly 7mb, bz2 compressed...

bye, Joerg
If God didn’t want us to eat in church, he would’ve made gluttony a sin.
