SHA1 and 256 (again) :)

Rahul Sundaram sundaram at
Thu Nov 19 00:39:58 UTC 2009

On 11/19/2009 06:04 AM, Ladislav Bodnar wrote:
> On Thursday 19 November 2009, Rahul Sundaram wrote:
>> Note that changing HASH: SHA1 to anything else in the top of the file
>> will make the gpg check fail since it writes it out that way. So it's
>> sort of a tricky issue to solve. Not sloppiness.
> Maybe it would be simpler to call the file SHA256SUM (or SHA256) instead of 
> CHECKSUM? As far as I remember, these files used to be called MD5SUM, then 
> SHA1SUM, which made it very clear what was inside. But with so many 
> different checksum standards, calling the file CHECKSUM is bound to lead to 
> confusion.

I think the generic name was picked up because nobody believes that
SHA256 hashes are going to be cryptographically secure for a long time
and we are bound to switch to stronger checksums over a period of time
but I think, a clear filename does make it more easier to avoid this
mass confusion. Jesse Keating?


More information about the fedora-test-list mailing list