SHA1 and 256 (again) :)
Rahul Sundaram
sundaram at fedoraproject.org
Thu Nov 19 00:39:58 UTC 2009
On 11/19/2009 06:04 AM, Ladislav Bodnar wrote:
> On Thursday 19 November 2009, Rahul Sundaram wrote:
>> Note that changing HASH: SHA1 to anything else in the top of the file
>> will make the gpg check fail since it writes it out that way. So it's
>> sort of a tricky issue to solve. Not sloppiness.
>
> Maybe it would be simpler to call the file SHA256SUM (or SHA256) instead of
> CHECKSUM? As far as I remember, these files used to be called MD5SUM, then
> SHA1SUM, which made it very clear what was inside. But with so many
> different checksum standards, calling the file CHECKSUM is bound to lead to
> confusion.
I think the generic name was picked up because nobody believes that
SHA256 hashes are going to be cryptographically secure for a long time
and we are bound to switch to stronger checksums over a period of time
but I think, a clear filename does make it more easier to avoid this
mass confusion. Jesse Keating?
Rahul
More information about the fedora-test-list
mailing list