[Info-vax] FTP FYI
Arne Vajhøj
arne at vajhoej.dk
Wed Nov 25 10:18:28 EST 2020
On 11/25/2020 9:46 AM, Dave Froble wrote:
> On 11/25/2020 9:06 AM, John Dallman wrote:
>> In article <rplloa$8v7$1 at dont-email.me>,
>> clubley at remove_me.eisner.decus.org-Earth.UFP (Simon Clubley) wrote:
>>> ... SHA-256 would be my absolute minimum and SHA-512 would be strongly
>>> preferred for increased protection against future attacks.
>>
>> Hear, hear. SHA-1 is now worthless against a deliberate attack, although
>> still fine against accidental corruption.
>>
>> An OS claiming to be highly secure needs SHA-512; supporting the
>> relatively new SHA-3 would add credibility.
>
> Perhaps we should be a bit more focused on the issue?
>
> From what I was reading, the issue was catching data corruptions, not
> security. Isn't it sort of silly to introduce security into another
> issue? A checksum either works, or it doesn't. If it works, doesn't
> that solve the potential issue?
>
> Or maybe I don't understand the issue ...

You do.

For catching accidental data corruption SHA-1 is OK.

It is for security that it is bad.

But from a practical perspective then using the same
algorithm for both purposes makes sense.

Which I suspect is why Hoff used the wording he did.

Arne