On Tue, Apr 13, 2021 at 04:45:07PM +0200, Daniel Cegiełka wrote: > How/where SHA512 is better than SHA256 or SHA1? I don't see any added > value in this. If someone breaks into your server and replace files, > may also regenerate check sums (SHA256/512 or SHA3, scrypt etc.). The > use of MD5 will be equally (un)safe as SHA512 :) >
One example where it would not be equally unsafe is if someone or some distro mirrors the source-code. > A better solution is e.g. signify from OpenBSD or GnuPG. > > https://man.openbsd.org/signify > > Daniel > > wt., 13 kwi 2021 o 13:36 Sagar Acharya <sagaracha...@tutanota.com> napisał(a): > > > > Can we have SHA512 checksums and sig files for the release gzips of > > suckless software? > > > > Thanking you > > Sagar Acharya > > https://designman.org > > > -- Kind regards, Hiltjo
