
Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?

On Thu, Aug 8, 2013 at 10:21 PM, Wouter Verhelst <wouter@debian.org> wrote:
> On 05-08-13 02:16, Ben Hutchings wrote:
> > On Sun, 2013-08-04 at 16:45 +0200, Wouter Verhelst wrote:
> >> On 03-08-13 13:45, Ondřej Surý wrote:
> >>> I think it's useless to upgrade to SHA512 (or SHA-3),
> >> It's never useless to upgrade to a stronger hash.
> >> The cost might outweigh the benefit, yes. But that's a different matter.
> > What makes you think these are stronger?
>
> Simple mathematics.
>
> To me, a "strong hash" is a hash for which collisions are unlikely.
>
> A SHA512 hash is longer than a SHA1 hash. Therefore it has more bits.
> Therefore it has more possible values, which decreases the likelihood
> that two collections of bits will produce the same hash value by accident.

This is a very dangerous fallacy. More bits != stronger. It's the algorithm
properties that make the hash stronger, not the number of the bits in the
resulting hash.

Ondřej Surý <ondrej@sury.org>
Have you tried Knot DNS – https://www.knot-dns.cz/
– a high-performance authoritative-only DNS server
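
An added illustration, not part of the original message: the two claims in this exchange, side by side. The birthday approximation gives the chance of an accidental collision for an ideal hash of a given width, while `wide_weak_hash` (a toy function constructed for this example, with hypothetical names throughout) emits 512 bits yet collides within a few hundred inputs because its algorithm only carries 16 bits of state.

```python
import hashlib
import math

def wide_weak_hash(data: bytes) -> bytes:
    """Constructed toy hash: 512-bit output, only 16 bits of internal state."""
    state = 0xFFFF
    for byte in data:
        state = ((state * 31) ^ byte) & 0xFFFF
    # Stretching the state to 64 bytes makes the digest longer, not stronger.
    return hashlib.sha512(state.to_bytes(2, "big")).digest()

def sha1_digest(data: bytes) -> bytes:
    """160-bit digest, shorter than the toy hash's output."""
    return hashlib.sha1(data).digest()

def accidental_collision_probability(n: int, bits: int) -> float:
    """Birthday approximation: n random inputs to an ideal hash of `bits` bits."""
    return -math.expm1(-n * (n - 1) / 2 ** (bits + 1))

def find_collision(hash_fn, budget: int):
    """Hash distinct counter messages; return (m1, m2, tries) or None."""
    seen = {}
    for i in range(budget):
        msg = str(i).encode()
        digest = hash_fn(msg)
        if digest in seen:
            return seen[digest], msg, i + 1
        seen[digest] = msg
    return None

if __name__ == "__main__":
    budget = 70_000  # more messages than the toy hash has distinct states
    for name, fn, bits in (("wide_weak_hash", wide_weak_hash, 512),
                           ("sha1", sha1_digest, 160)):
        ideal = accidental_collision_probability(budget, bits)
        hit = find_collision(fn, budget)
        found = f"collision after {hit[2]} messages" if hit else "no collision"
        print(f"{name}: {bits}-bit output, ideal-hash estimate {ideal:.3g}, {found}")
```

The ideal-hash estimate depends only on output width, so it rates the 512-bit toy function far above SHA-1; the search result depends on the algorithm and shows the opposite.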
