On 27 July 2024 23:14:32 BST, Morgan <weedpac...@varteg.nz> wrote:
>Why a SHA2 algorithm? Why not a SHA3 one? How about standalone functions for
>both, and then when SHA4 comes along (as it inevitably will) another
>standalone function for one of its variants?
You tell me. As I have repeatedly said, I don't actually know anything about
these algorithms. SHA-256 is the only one on the list which I've heard of, and
I'm aware it's newer than SHA-1. I don't know why SHA-512 isn't "better", I
don't know why nobody talks about SHA-3, and I don't know if one of the others
in the list is absolutely amazing and should be everyone's default forever.
As far as I can see, nobody, in this whole discussion, has actually stepped up
and explained what users should be using, once we have taught them that MD5 and
SHA-1 are bad.
>Or leave them them the 60-piece set (which includes flat-head and Phillips
>screwdrivers, so they're not being taken away), and write some tips on how to
>use it correctly.
So go ahead and write those tips. You don't need an RFC vote to improve the
documentation.
Here is my offer to those arguing in favour of this deprecation: If you show me
a draft of a comprehensive improvement to the manual to explain how users
should be choosing a hashing algorithm, I will consider changing my vote.
I am also happy to help with proofreading, and working out how to format it
into DocBook that fits nicely in the manual.
As long as the deprecation rests on "somebody in the next 10 years might get
round to improving the manual", my vote remains a firm No.
Regards,
Rowan Tommins
[IMSoP]
