Re: [dev] Checksums and Sig files for release gzip

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Sergey Matveev <stargrave_AT_stargrave.org>
Date: Tue, 13 Apr 2021 21:58:56 +0300

*** Markus Wichmann [2021-04-13 20:17]:
>Y'know, while we're bikeshedding, why not just use SHA-3?

Answer is: https://www.imperialviolet.org/2017/05/31/skipsha3.html
and answer for that: https://cryptologie.net/article/400/maybe-you-shouldnt-skip-sha-3/
SHA3 is good, but "offers no compelling advantage over SHA2 and brings
many costs". SHA2 is not so bad. Personally I tend to use neither SHA2,
nor SHA3, but BLAKE2b (in 64-bit CPUs it is even faster than MD5, with
huge security margin), or Skein. KangarooTwelve (reduced-round
parallelized SHA3) will outperform all of them, but BLAKE3 beats it. And
SHA512 is preferable SHA256, mostly because it is faster in 64-bit CPUs.

-- 
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263  6422 AE1A 8109 E498 57EF

Received on Tue Apr 13 2021 - 20:58:56 CEST

This archive was generated by hypermail 2.3.0 : Tue Apr 13 2021 - 22:00:10 CEST