[darcs-devel] [Haskell-cafe] Re: announcing darcs 2.0.0pre3
Lutz Donnerhacke
lutz at iks-jena.de
Wed Jan 23 17:50:39 EST 2008
* zooko wrote:
> On the one hand, SHA-1 is cryptographically fragile and is deprecated
> for use in applications that require collision-resistance and pre-
> image resistance.
Such a cryptographically strong requirement is not given in the darcs case.
SHA-1 is still used in almost all existing cryptographic protocols and
secure against the known attacks, because the protocol itself prohibits the
attacking preconditions.
> SHA-2 is the current standard for those applications
It's not known, if SHA-2 will suffer from the same attack principle or not.
If you really consider the current known attacks against SHA-1 as important,
you have to leave the whole family an choose i.e. RIPEMD-160.
> On the other hand, why does darcs need a cryptographically secure
> hash function at all? Wouldn't MD5 or a sufficiently wide CRC, such
> as the one used in ZFS [2], do just as well? They would certainly be
> a lot faster to compute.
SHA-1 is the current standard for quick and dirty checksumming an new
applications. Using MD5 or any CRC is only for software acheologists.
More information about the Haskell-Cafe
mailing list