Lookaside: Move away from md5
Bruno Wolff III
bruno at wolff.to
Wed Mar 19 17:41:10 UTC 2014
On Wed, Mar 19, 2014 at 09:36:52 -0600,
Kevin Fenzi <kevin at scrye.com> wrote:
>On Wed, 19 Mar 2014 09:58:20 -0500
>Bruno Wolff III <bruno at wolff.to> wrote:
>
>> On Wed, Mar 19, 2014 at 13:23:27 +0800,
>> Mathieu Bridon <bochecha at fedoraproject.org> wrote:
>> >
>> >I would personally prefer that we stored only one hash, and that we'd
>> >use the strongest currently available. (that would be sha512?)
>>
>> The sha-3 competition is done (over a year ago) and Keccak was
>> selected. I think it would make more sense to go to that rather than
>> sha512. https://en.wikipedia.org/wiki/SHA-3
>
>I did a quick look around, but likely missed it... are there actually
>any tools that implement this yet?
Looking into this further, even though Keccak was picked over a year ago,
there is still a standardization process to pick some of the parameters
that doesn't look like has happened yet. There appears to be a good
project to watch for this:
https://github.com/maandree/sha3sum
But I was wrong about this being a good time to switch to it. If we use it
now, we might end up needing to recompute the hashes again later. So for
now it looks like one of the sha-2 algorthims should be used.
More information about the rel-eng
mailing list