On 19/10/2017 21:08, Michał Górny wrote: > Considering all arguments made so far, I'd like to propose changing: > manifest-hashes = SHA256 SHA512 WHIRLPOOL > to: > manifest-hashes = SHA512 SHA3_512
+1, fine for me > 1. The main argument for using multiple hashes is to prevent the (very > unlikely) possibility that if a weakness is discovered in one of > the hashes, the other would still hold. This is given by using two > algorithms; more than two do not increase security significantly, while > they do increase performance cost. Curious, do we have any measurements/estimates of the performance cost? Paweł
signature.asc
Description: OpenPGP digital signature
