ابراهیم محمدی <mebra...@gmail.com> writes:

> Isn't a single (rather small) hash value enough for almost all users?

Using multiple hashes gives us some theoretical robustness against a break in one of the hash functions provided that all clients check all the hashes and the hashes would fail independently (which is likely). The basic idea is that it's much harder to come up with a simultaneous hash collision with both SHA-1 and SHA-2 than breaking either of them independently.

I'm a bit dubious the clients actually check, though. Also, it's questionable whether protecting against this theoretical possibility is a good tradeoff. If SHA-2 is broken suddenly, we have larger problems than the integrity of the Packages file, and hopefully we'd get a bit of advance warning (like we have with MD5) and be able to introduce a new hash at that point.

MD5 may still be required for backward compatibility; otherwise, it's the obvious one to drop.

If we were going to keep only one, we should keep SHA256, as that's the most robust from a cryptographic standpoint at this point (SHA-3 may get there, but is still too new), but obviously all the clients have to support that.

-- 
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>

Archive: https://lists.debian.org/87lhrv3jfq....@windlord.stanford.edu
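
The condition in the message above, that the benefit of several hashes exists only if the client checks every one of them, shown as an added example (not part of the original post and not Debian's own tooling). The function names, the stanza and the payloads are constructed for illustration, and the "collided" entry is only a stand-in for an MD5 collision, not a real one.

```python
import hashlib

# Packages field name -> hashlib algorithm name
FIELDS = {"MD5sum": "md5", "SHA1": "sha1", "SHA256": "sha256"}

def parse_stanza(text):
    """Parse one 'Field: value' stanza into a dict (no continuation lines)."""
    fields = {}
    for line in text.strip().splitlines():
        name, _, value = line.partition(":")
        fields[name.strip()] = value.strip()
    return fields

def verify_all(stanza, data, required="SHA256"):
    """Return (ok, failures). Every listed digest must match, and the
    required digest must be present so a dropped field cannot weaken the check."""
    failures = []
    if "Size" in stanza and int(stanza["Size"]) != len(data):
        failures.append("Size")
    if required not in stanza:
        failures.append(required + " (missing)")
    for field, algo in FIELDS.items():
        if field in stanza:
            if hashlib.new(algo, data).hexdigest() != stanza[field].lower():
                failures.append(field)
    return (not failures, failures)

def verify_single(stanza, data, field):
    """What a client that checks only one hash field does."""
    return hashlib.new(FIELDS[field], data).hexdigest() == stanza[field].lower()

def make_stanza(data, name="example_1.0_all.deb"):
    """Build a constructed Packages-style stanza for the given payload."""
    lines = [f"Filename: pool/main/e/example/{name}", f"Size: {len(data)}"]
    lines += [f"{f}: {hashlib.new(a, data).hexdigest()}" for f, a in FIELDS.items()]
    return "\n".join(lines)

ORIGINAL = b"constructed package payload\n"   # constructed sample data
TAMPERED = b"constructed package payload!\n"  # constructed sample data
GOOD = parse_stanza(make_stanza(ORIGINAL))

# Stand-in for a break of MD5 alone: the MD5sum and Size fields agree with
# TAMPERED while SHA1 and SHA256 still describe ORIGINAL.
COLLIDED = dict(GOOD, MD5sum=hashlib.md5(TAMPERED).hexdigest(),
                Size=str(len(TAMPERED)))
```

A client that calls only `verify_single(..., "MD5sum")` accepts the tampered payload against `COLLIDED`, while `verify_all` rejects it on the SHA1 and SHA256 fields.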