Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?

On Fri, Aug 2, 2013 at 2:52 PM, Paul Wise <pabs@debian.org> wrote:
> I noted[1] that some derivatives have introduced SHA512 into their
> Release files (and probably Packages/etc). I was wondering if it is
> time to drop or deprecate MD5 from the apt metadata and replace it
> with SHA512 and/or SHA-3. Thoughts?

SHA512 doesn't bring any advantage over SHA256.

SHA-3 hasn't been standardized yet by NIST as Secure Hash Standard
and doesn't bring any advantages over SHA-2 (yet).

So, yeah, let's drop MD5, but don't introduce either SHA512 or SHA-3
unless there's a cryptographic need (there isn't at the moment).

