On Sun, Dec 1, 2024 at 9:04 AM Simon Josefsson via Gnulib discussion list <bug-gnulib@gnu.org> wrote:
>
> Bruno Haible via Gnulib discussion list <bug-gnulib@gnu.org> writes:
>
> > The 'announce-gen' script shows SHA256 sums in a way that is hard to verify
> > and understand for the users:
> > - Verifying requires a special command that is not easy to remember.
> > - Verifying requires special tools that do not exist on all systems.
>
> That seems true for any tool, which is why the announcement includes an
> explanation on how to use the tools and how to find them.
>
> Isn't 'cksum' the standard and (ought to be) more commonly available
> than 'sha256sum'?
>
> > - Understand why one checksum uses hex digits and the other is
> > base64 ?
>
> The user doesn't have to understand this.
>
> > AFAICS, it all came about because the original way to present the SHA256
> > checksum exceeded the 80-columns line limit.
>
> Coreutils has used base64 SHA256 checksums in announcements for a long
> time and this has led to many other projects following this pattern.
> OpenSSH uses this format, so it is not all GNU.
>
> I think we should encourage use of base64 SHA256 checksums rather than
> reversing this decision.
>
> I think we should encourage people to use 'cksum' rather than
> 'sha256sum' since the latter is a bad pattern that leads to an explosion
> of tools when new hash algorithms are introduced.
It turns out that Base64 is malleable. All tools do not produce the same results. Also see <https://eprint.iacr.org/2022/361>.

Whether Base64 malleability leads to a vulnerability is another question.

Jeff
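The malleability Jeff points at is concrete enough to show in a few lines. The following Python is an added example for this thread, not code from gnulib, announce-gen, coreutils or the cited paper: it takes a canonical base64 SHA-256 checksum, enumerates the non-canonical strings a lenient decoder maps to the same digest bytes (the unused trailing bits in the last data character before the '=' padding, which RFC 4648 section 3.5 says must be zero), shows that Python's own decoder accepts all of them, and then verifies a checksum the way a release tool should: canonical decode, then compare raw digest bytes. The sample payload and all function names are constructed for the example.

```python
import base64
import binascii
import hashlib

# Standard base64 alphabet (RFC 4648 section 4).
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def canonical_b64(data: bytes) -> str:
    """The one RFC 4648 encoding of `data`: zero trailing bits, full padding."""
    return base64.b64encode(data).decode("ascii")


def sha256_b64(payload: bytes) -> str:
    """Canonical base64 SHA-256 of a payload, the form used in announcements."""
    return canonical_b64(hashlib.sha256(payload).digest())


def malleable_variants(encoding: str) -> list:
    """Non-canonical strings a lenient decoder maps to the same bytes as
    `encoding`. If the input length is not a multiple of 3, the last data
    character carries 2 (one '=') or 4 (two '=') bits that belong to no
    output byte. A decoder that ignores those bits accepts every setting
    of them, so one digest has 3 or 15 extra "valid" spellings."""
    data_part = encoding.rstrip("=")
    pad = len(encoding) - len(data_part)
    if pad == 0:
        return []                      # length multiple of 3: no free bits
    unused = 2 if pad == 1 else 4
    last = ALPHABET.index(data_part[-1])
    base = last & ~((1 << unused) - 1)  # clear the unused low bits
    return [data_part[:-1] + ALPHABET[base | bits] + "=" * pad
            for bits in range(1, 1 << unused)]


def lenient_decode(encoding: str) -> bytes:
    """Python's decoder: rejects bad padding and, with validate=True,
    non-alphabet characters, but silently drops non-zero trailing bits."""
    return base64.b64decode(encoding, validate=True)


def strict_decode(encoding: str) -> bytes:
    """Canonical decode: decode, re-encode, require an exact match, so
    exactly one string is accepted for a given digest."""
    data = lenient_decode(encoding)
    if canonical_b64(data) != encoding:
        raise ValueError("non-canonical base64: " + encoding)
    return data


def verify_sha256(payload: bytes, announced: str) -> bool:
    """Check an announced checksum by comparing digest bytes after a
    canonical decode, never by comparing base64 text against text."""
    try:
        expected = strict_decode(announced)
    except (ValueError, binascii.Error):
        return False
    return hashlib.sha256(payload).digest() == expected


if __name__ == "__main__":
    # Constructed sample payload standing in for a release tarball.
    payload = b"example release tarball contents\n"
    digest = hashlib.sha256(payload).digest()
    announced = sha256_b64(payload)          # 44 chars, one '='
    print("canonical :", announced)
    for v in malleable_variants(announced):
        print("variant   :", v,
              "lenient decode matches:", lenient_decode(v) == digest,
              "strict verify:", verify_sha256(payload, v))
```

A 32-byte digest always encodes to 44 characters ending in a single '=', so every base64 SHA-256 checksum has exactly three lenient-equivalent spellings. Whether a given tool accepts them is a per-implementation choice, which is the "all tools do not produce the same results" point: Go's encoding/base64, for instance, only rejects non-zero trailing bits when the encoding is created with its Strict() method. Comparing decoded bytes, or re-encoding and comparing to the announced string as strict_decode does, removes the question.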