Re: [dev] Checksums and Sig files for release gzip

From: Sagar Acharya <sagaracharya_AT_tutanota.com>
Date: Tue, 13 Apr 2021 16:57:39 +0200 (CEST)

Sure, any good signature. SHA512 is stronger than SHA1, MD5 and SHA256. It shouldn't take a second more than others. Why use a weaker checksum?
Thanking you
Sagar Acharya
https://designman.org



13 Apr 2021, 20:15 by daniel.cegielka_AT_gmail.com:

> How/where SHA512 is better than SHA256 or SHA1? I don't see any added
> value in this. If someone breaks into your server and replace files,
> may also regenerate check sums (SHA256/512 or SHA3, scrypt etc.). The
> use of MD5 will be equally (un)safe as SHA512 :)
>
> A better solution is e.g. signify from OpenBSD or GnuPG.
>
> https://man.openbsd.org/signify
>
> Daniel
>
> wt., 13 kwi 2021 o 13:36 Sagar Acharya <sagaracharya_AT_tutanota.com> napisał(a):
>
>>
>> Can we have SHA512 checksums and sig files for the release gzips of suckless software?
>>
>> Thanking you
>> Sagar Acharya
>> https://designman.org
>>
Received on Tue Apr 13 2021 - 16:57:39 CEST

This archive was generated by hypermail 2.3.0 : Tue Apr 13 2021 - 17:00:09 CEST