Re: [dev] Checksums and Sig files for release gzip

From: Markus Wichmann <>
Date: Wed, 14 Apr 2021 06:03:42 +0200

On Tue, Apr 13, 2021 at 09:58:56PM +0300, Sergey Matveev wrote:
> *** Markus Wichmann [2021-04-13 20:17]:
> >Y'know, while we're bikeshedding, why not just use SHA-3?
> Answer is:

I don't care about the speed of a hash function. Speed of a hash
function matters only in two cases: Doing lots of hashing (e.g. password
cracking or bitcoin mining), or hashing large files. I don't hash large
files often enough for speed to matter, I think bitcoin mining is
pollution, and in case of password cracking, having a slower hash
function is an advantage for me, as I would be on the side of the

> and answer for that:
> SHA3 is good, but "offers no compelling advantage over SHA2 and brings
> many costs". SHA2 is not so bad.

I am not a cryptographer. From what I understand about SHA-3, it offers
a better HMAC function (the whole padding thing is not needed anymore,
since hash extension attacks are not possible).

I am dependent on the advice of cryptographers for the selection of
hashing algorithms. Cryptographers had a big old competition over the
"best" hashing algorithm (and I realize that multidimensional
optimization is, in general, impossible), and in 2012, Keccak (in a
64-bit variant) won. Now of course, since then, nine years have passed,
and newer developments have not seen such a competition. But I lack the
skills to evaluate any of the other possibilities for anything except
speed, which is the one thing I don't care about. So until SHA-4 comes
along, or another comparable competition, I will stick to SHA-3.

And I will continue to advocate for its use exclusively over SHA-2 to
keep the zoo of hash functions small. SHA-3 should be used for its HMAC
property alone, and it is adequate for all other tasks, so there is also
no reason to keep SHA-2 around.

Received on Wed Apr 14 2021 - 06:03:42 CEST

This archive was generated by hypermail 2.3.0 : Wed Apr 14 2021 - 06:12:08 CEST