[Haskell-cafe] Re: cryptographic hash functions in darcs (re: announcing darcs 2.0.0pre3)

Achim Schneider barsoap at web.de
Thu Jan 24 16:57:16 EST 2008


zooko <zooko at zooko.com> wrote:


> The basic choice is: (a) use an insecure function and simply state  
> that anyone with whom you (transitively) exchange patches has the  
> opportunity to subvert your repository, or (b) use a secure hash  
> function, i.e. SHA-256 or Tiger.
> 
And anyway, if your goal is security till 2015, SHA1 seems to be
secure enough(TM) for all practical purposes (that is, without using
par on a Beowulf cluster on all ps3's in the world), as the
speed^H^H^H^H^Hcomplexity of a single CPU core won't obey Moore's law
anymore, for physical reasons.

OTOH, when quantum computing arrives, you're fucked, anyway. Excessive
paranoia in general doesn't pay off if the data to be protected is
publicly accessible in any way whatsoever.

THEY would be much more cost-effective if THEY'd go for
physically hacking your system instead of paying N million € for
hardware to crack your codes.

In the end, I guess THEY finance quantum computing research, but I'm
going vastly OT here...

-- 
(c) this sig last receiving data processing entity. Inspect headers for
past copyright information. All rights reserved. Unauthorised copying,
hiring, renting, public performance and/or broadcasting of this
signature prohibited. 


