Re: [dev] Checksums and Sig files for release gzip

From: Hiltjo Posthuma <hiltjo_AT_codemadness.org>
Date: Tue, 13 Apr 2021 17:57:30 +0200

On Tue, Apr 13, 2021 at 04:45:07PM +0200, Daniel Cegiełka wrote:
> How/where is SHA512 better than SHA256 or SHA1? I don't see any added
> value in this. If someone breaks into your server and replaces files,
> they may also regenerate checksums (SHA256/512 or SHA3, scrypt etc.). The
> use of MD5 will be equally (un)safe as SHA512 :)
>

One example where it would not be equally unsafe is if someone or some distro
mirrors the source code.

> A better solution is e.g. signify from OpenBSD or GnuPG.
>
> https://man.openbsd.org/signify
>
> Daniel
>
> Tue, 13 Apr 2021 at 13:36 Sagar Acharya <sagaracharya_AT_tutanota.com> wrote:
> >
> > Can we have SHA512 checksums and sig files for the release gzips of suckless software?
> >
> > Thanking you
> > Sagar Acharya
> > https://designman.org
> >
>

-- 
Kind regards,
Hiltjo
Received on Tue Apr 13 2021 - 17:57:30 CEST
