On Tue, Apr 13, 2021 at 05:08:31PM +0200, Mattias Andrée wrote: > On Tue, 13 Apr 2021 16:57:39 +0200 > Sagar Acharya <sagaracha...@tutanota.com> wrote: > > > Sure, any good signature. SHA512 is stronger than SHA1, MD5 and SHA256. It > > shouldn't take a second more than others. Why use a weaker checksum? > > SHA512 is actually more than twice as fast as SHA256 on 64-bit machines. > (I don't know which is stronger). >
Y'know, while we're bikeshedding, why not just use SHA-3? Keccak has been out for a while now, and it is also available in 256 and 512 bit variants. I keep wondering why people keep using SHA-2 variants. Do you want to wait until it is cracked? SHA-3 would have the benefit of always being a 64-bit algorithm (unlike SHA-2, which is 32-bit in the 192 and 256 bit variants, and 64-bit in the 384 and 512 bit variants, necessitating two very similar processing functions in C). Its design also makes HMAC easier, though this is not of import for this application. > I see no point in having checksums at all, except for detecting bitrot. > Signatures are of course good. > Signatures only help if you have a known-good public key. Anyone can create a key and claim it belongs to, say, Barack Obama. I have no public key of anyone affiliated with suckless, and no way to verify if any key I get off of a keyserver is actually one of theirs. Security is hard. Ciao, Markus
