[darcs-devel] [Haskell-cafe] Re: announcing darcs 2.0.0pre3

Lutz Donnerhacke lutz at iks-jena.de
Wed Jan 23 17:50:39 EST 2008

* zooko wrote:
> On the one hand, SHA-1 is cryptographically fragile and is deprecated
> for use in applications that require collision-resistance and pre- 
> image resistance.

Such a cryptographically strong requirement is not given in the darcs case.

SHA-1 is still used in almost all existing cryptographic protocols and
secure against the known attacks, because the protocol itself prohibits the
attacking preconditions.

> SHA-2 is the current standard for those applications

It's not known, if SHA-2 will suffer from the same attack principle or not.
If you really consider the current known attacks against SHA-1 as important,
you have to leave the whole family an choose i.e. RIPEMD-160.

> On the other hand, why does darcs need a cryptographically secure
> hash function at all?  Wouldn't MD5 or a sufficiently wide CRC, such
> as the one used in ZFS [2], do just as well?  They would certainly be
> a lot faster to compute.

SHA-1 is the current standard for quick and dirty checksumming an new
applications. Using MD5 or any CRC is only for software acheologists.

More information about the Haskell-Cafe mailing list