Re: [dev] Checksums and Sig files for release gzip

From: Markus Wichmann <nullplan_AT_gmx.net>
Date: Tue, 13 Apr 2021 20:17:37 +0200

On Tue, Apr 13, 2021 at 05:08:31PM +0200, Mattias Andrée wrote:
> On Tue, 13 Apr 2021 16:57:39 +0200
> Sagar Acharya <sagaracharya_AT_tutanota.com> wrote:
>
> > Sure, any good signature. SHA512 is stronger than SHA1, MD5 and SHA256. It shouldn't take a second more than others. Why use a weaker checksum?
>
> SHA512 is actually more than twice as fast as SHA256 on 64-bit machines.
> (I don't know which is stronger).
>

Y'know, while we're bikeshedding, why not just use SHA-3? Keccak has
been out for a while now, and it is also available in 256 and 512 bit
variants. I keep wondering why people keep using SHA-2 variants. Do you
want to wait until it is cracked?

SHA-3 would have the benefit of always being a 64-bit algorithm (unlike
SHA-2, which is 32-bit in the 192 and 256 bit variants, and 64-bit in
the 384 and 512 bit variants, necessitating two very similar processing
functions in C). Its design also makes HMAC easier, though this is not
of import for this application.

> I see no point in having checksums at all, except for detecting bitrot.
> Signatures are of course good.
>

Signatures only help if you have a known-good public key. Anyone can
create a key and claim it belongs to, say, Barack Obama. I have no
public key of anyone affiliated with suckless, and no way to verify if
any key I get off of a keyserver is actually one of theirs.

Security is hard.

Ciao,
Markus
Received on Tue Apr 13 2021 - 20:17:37 CEST