Re: [dev] Checksums and Sig files for release gzip

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Daniel Cegiełka <daniel.cegielka_AT_gmail.com>
Date: Tue, 13 Apr 2021 16:45:07 +0200

How/where SHA512 is better than SHA256 or SHA1? I don't see any added
value in this. If someone breaks into your server and replace files,
may also regenerate check sums (SHA256/512 or SHA3, scrypt etc.). The
use of MD5 will be equally (un)safe as SHA512 :)

A better solution is e.g. signify from OpenBSD or GnuPG.

https://man.openbsd.org/signify

Daniel

wt., 13 kwi 2021 o 13:36 Sagar Acharya <sagaracharya_AT_tutanota.com> napisał(a):
>
> Can we have SHA512 checksums and sig files for the release gzips of suckless software?
>
> Thanking you
> Sagar Acharya
> https://designman.org
>
Received on Tue Apr 13 2021 - 16:45:07 CEST

This archive was generated by hypermail 2.3.0 : Tue Apr 13 2021 - 16:48:09 CEST