[haiku-development] Re: Design for signed packages

  • From: Ari Haviv <arielbhaviv@xxxxxxxxx>
  • To: haiku-development@xxxxxxxxxxxxx
  • Date: Sun, 30 Mar 2014 11:57:13 -0400

On Sun, Mar 30, 2014 at 11:38 AM, Ingo Weinhold <ingo_weinhold@xxxxxx> wrote:

> On 03/27/2014 09:42 PM, Jonathan Schleifer wrote:
>
>> There were even complaints that I replaced a completely broken hash!
>>
>
> Actually you introduced the only completely broken hash so far -- the file
> size. As I already wrote on the haikuports-svn list, MD5 is not broken for
> our purpose, since there's no known practical preimage attack.
>
> Anyway, no one complained about replacing MD5 with a more secure hash.
> What I did complain about is introducing multiple hashes in fear that a
> single hash algorithm could be broken eventually. That *is* highly
> paranoid. And it adds more noise to the recipes and more overhead for the
> maintainers.
>
> CU, Ingo
>
You may want to look at PBKDF2 or the more recent scrypt (which is what
Litecoin uses) as they can adapt to newer hardware
