On Sun, Mar 30, 2014 at 11:38 AM, Ingo Weinhold <ingo_weinhold@xxxxxx>wrote: > On 03/27/2014 09:42 PM, Jonathan Schleifer wrote: > >> There were even complains that I replaced a completely broken hash! >> > > Actually you introduced the only completely broken hash so far -- the file > size. As I already wrote on the haikuports-svn list, MD5 is not broken for > our purpose, since there's no know practical preimage attack. > > Anyway, no one complained about replacing MD5 with a more secure hash. > What I did complain about is introducing multiple hashes in fear that a > single hash algorithm could be broken eventually. That *is* highly > paranoid. And it adds more noise to the recipes and more overhead for the > maintainers. > > CU, Ingo > > You may want to look at PBKDF2 or the more recent scrypt (which is what litecoin uses) as they can adapt to newer hardware