[darcs-devel] [Haskell-cafe] Re: announcing darcs 2.0.0pre3
zooko at zooko.com
Wed Jan 23 16:55:06 EST 2008
I have to ask: why does darcs use SHA-1?

On the one hand, SHA-1 is cryptographically fragile and is deprecated
for use in applications that require collision-resistance and
pre-image resistance. SHA-2 is the current standard for those
applications (SHA-2 is about twice as expensive in CPU), and
SHA-3 is under development.

On the other hand, why does darcs need a cryptographically secure
hash function at all? Wouldn't MD5 or a sufficiently wide CRC, such
as the one used in ZFS, do just as well? They would certainly be
a lot faster to compute.

Is there some behavior on the part of some malicious actor that darcs
tries to prevent, such that the collision-resistance (such as it is)
of SHA-1 is necessary to prevent it?