[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Why do we check the base checksum so often?

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: Sat, 04 Feb 2012 20:36:28 -0500

On 02/04/2012 08:02 PM, Hyrum K Wright wrote:
> I don't know if apr has a sha256 implementation, but it wouldn't be hard to find one.

I'll point out that we're nearing the end of a selection process for
SHA-3, with a winner expected to be announced some time this year. The
winner may wind up being faster than SHA-256 or even SHA-1. (For
instance, one of the five finalists, Skein, is performance-competitive
with SHA-1 according to numbers in a paper by its authors:
http://www.skein-hash.info/sites/default/files/skein1.3.pdf)

It sounds like wc-ng is somewhat hash-agile by virtue of the format
number and upgrade process. It sounds like Ev2 may not be very
hash-agile. If so, it's probably a bad idea to carve SHA-1 in stone, as
it is already showing weaknesses. SHA-256 is likely to have a much
longer useful lifetime, SHA-3 even more so.

In a pinch, SHA-256 implementations can be pretty small; the one I have
on hand is about 200 lines of code.
Received on 2012-02-05 02:37:06 CET

This is an archived mail posted to the Subversion Dev mailing list.