Need your input:  Should the new default hash algorithm be SHA3-224 or SHA3-256?

Remember, the desire is that there be no options.  Fossil should just
do the right thing.  VCS users should not have to worry with piddly
details like hashing algorithms.  So "make it an option that the user
has to choose" is an incorrect answer.

But what is the "right thing"?

Assuming no weaknesses are found in the algorithm, collisions are at
least 4 billion times more expensive to find in SHA3-224 than in SHA1.
Is 4-billion times harder sufficient?

Note that if in a few years we find that SHA3-224 is insufficient, all
the groundwork has already been done and it will be a simple matter
to transition to a new (longer and/or better) hash at that time.

This morning I was thinking of using SHA3-256.  But after looking at a
bunch of hashes on-screen, and seeing how long they are, I'm inclined
now to go with the shorter SHA3-224.

Your feedback is important!

-- 
D. Richard Hipp
d...@sqlite.org
_______________________________________________
fossil-dev mailing list
fossil-dev@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev
