>>>>> On Wed, 06 Apr 2022, Jason A Donenfeld wrote:

> I think actually the argument I'm making this time might be subtly
> different from the motions that folks went through last year.
> Specifically, the idea last year was to switch to using BLAKE2b only.
> I think what the arguments I'm making now point to is switching to
> SHA2-512 only.

Still, I think that if we drop one of the hashes then we should proceed
with the original plan. That is, keep the more modern BLAKE2B (which was
a participant of the SHA-3 competition [1]) and drop the older SHA512.

Back then, we had the choice between adding SHA3_512 and BLAKE2B, and we
preferred BLAKE2B for performance reasons.

I also think that the argument about the OpenPGP signature isn't very
strong, because replacing that signature by another one using a
different hash is trivial. As I said before, replacing all Manifest
files in the tree isn't.

Ulrich

[1] https://en.wikipedia.org/wiki/NIST_hash_function_competition
