Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?

To: Paul Wise <pabs@debian.org>
Cc: debian developers <debian-devel@lists.debian.org>
Subject: Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?
From: Ondřej Surý <ondrej@sury.org>
Date: Fri, 2 Aug 2013 18:33:31 +0200
Message-id: <[🔎] CALjhHG89KhKYc0sLzqb2nnWE6_b+Ojwdb0A24ANBzSPSsAQsOA@mail.gmail.com>
In-reply-to: <[🔎] CAKTje6GFBVBjmCECH_j3gwPBOkoBju261V2CrgzZ5dag+9e61w@mail.gmail.com>
References: <[🔎] CAKTje6GFBVBjmCECH_j3gwPBOkoBju261V2CrgzZ5dag+9e61w@mail.gmail.com>

On Fri, Aug 2, 2013 at 2:52 PM, Paul Wise <pabs@debian.org> wrote:

I noted[1] that some derivatives have introduced SHA512 into their
Release files (and probably Packages/etc). I was wondering if it is
time to drop or deprecate MD5 from the apt metadata and replace it
with SHA512 and or SHA-3. Thoughts?

SHA512 doesn't bring any advantage over SHA256.

SHA-3 hasn't been standardized yet by NIST as Secure Hash Standard

and doesn't bring any advantages over SHA-2 (yet).

So, yeah let's drop MD5, but don't introduce neither SHA512 nor SHA-3

unless there's a cryptographical need (there isn't at the moment).

--
Ondřej Surý <ondrej@sury.org>

Reply to:

Follow-Ups:
- Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?
  - From: David Kalnischkies <kalnischkies@gmail.com>
- Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

References:
- new hashes (SHA512, SHA3) in apt metadata and .changes files?
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Bug#718580: ITP: mayan -- Django-based Electronic Document Management System (EDMS)
Next by Date: Bug#718589: ITP: python-tornadio2 -- Socket.io 0.7+ server implementation on top of Tornado
Previous by thread: Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?
Next by thread: Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?
Index(es):
- Date
- Thread