* Joerg Jaspert:

>>> I additionally opened a bug with apt to add support for SHA512SUM, so
>>> we can start using them. As soon as that is possible I intend to drop
>>> SHA256 and end up with SHA1/SHA512 only.
>> Please don't. I have more faith in SHA-256 than SHA-512.
>
> Uhh, fine - why?

I think this question is a bit rude if faith is involved, but here we go: the number of rounds in SHA-512 is rather small, considering its block size and internal state space, in particular in comparison with SHA-256.

More practically speaking, SHA-512 would add about 450 kB of incompressible junk to the Packages file, so we probably want to stick to SHA-256 there. But using different hashes in Release and Packages files is just bloat.