Hi,

On 02/09/2016 09:45 PM, grarpamp wrote:
> Subscription to the archives is required as said, and is also
> documented on the list page. It's free, no human is involved.
> Bug them on policy, not me. The context for this thread begins
> there and would be of interest to those with interest.
>
> https://lists.sonic.net/mailman/listinfo/crypto-practicum

Okay, thanks, I've read through the archives, now.

One thing I'm curious about is the proposal to use Argon2 (a password hash) over SHA3 or Blake2b for user-facing hashes (or portions thereof). Do I understand correctly that this "only" makes it (proportionally) harder for Mallory to come up with a collision on the first few bytes of the resulting hash? Or put another way: Is there any point in using Argon2 (compared to Keccak or Blake2), if the full hash is used?

Monotone is pretty rigorous in checking its data's hashes. For example, it checks not just after receiving from another node, but even after loading a revision from disk. Therefore, I'd be pretty hesitant to impose that additional computational cost for the normal user.

I rather thought about using a more compact encoding, like base58 as used by Bitcoin. That way you'd get 45% more information into those 5-7 chars that humans can comfortably pass around (compared to hex), resulting in 29 - 40 bits of hash. I'm not saying that's enough, either. But in the case of monotone, I'm less concerned, because there we have integrated certs, which check against the full hash. And just to identify a revision out of the set of already validated revisions, 5-7 chars usually are enough. (Sounds suspiciously similar to Linus' argument, except that certs are external to git, AFAIUI.)

Kind Regards

Markus Wanner

_______________________________________________
Monotone-devel mailing list
Monotone-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/monotone-devel
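The two quantitative points in the message above (how many bits a 5-7 character prefix carries in hex versus base58, and why a slow hash such as Argon2 only scales the per-trial cost of a short-prefix collision rather than changing the number of trials) can be checked with a small script. The following is an added example written for this thread, not code from monotone or from the mailing-list post; the base58 alphabet is the Bitcoin one the author refers to, the digest is BLAKE2b from Python's standard library, and the per-trial cost factor for the "slow hash" is a hypothetical parameter rather than a measured Argon2 figure.

```python
import hashlib
import math

# Bitcoin base58 alphabet (no 0, O, I, l), as referenced in the thread.
BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58_encode(data: bytes) -> str:
    """Bitcoin-style base58: big-endian integer conversion, each leading
    zero byte is preserved as a leading '1'."""
    n = int.from_bytes(data, "big")
    digits = []
    while n > 0:
        n, rem = divmod(n, 58)
        digits.append(BASE58_ALPHABET[rem])
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + "".join(reversed(digits))


def bits_per_char(alphabet_size: int) -> float:
    """Information carried by one character of a given alphabet."""
    return math.log2(alphabet_size)


def prefix_bits(num_chars: int, alphabet_size: int) -> float:
    """Bits of hash identified by a prefix of num_chars characters."""
    return num_chars * bits_per_char(alphabet_size)


def relative_gain(alphabet_size: int, baseline: int = 16) -> float:
    """Fractional gain in bits per character over a baseline alphabet
    (base58 over hex comes out at roughly 0.46, i.e. ~46% more)."""
    return bits_per_char(alphabet_size) / bits_per_char(baseline) - 1.0


def short_id(data: bytes, num_chars: int, encoding: str = "hex") -> str:
    """Human-facing prefix of a BLAKE2b digest, in hex or base58.
    Note: base58 output length varies with leading zero bytes, which is
    why the prefix is cut from the encoded string, not the raw digest."""
    digest = hashlib.blake2b(data, digest_size=20).digest()
    if encoding == "hex":
        return digest.hex()[:num_chars]
    if encoding == "base58":
        return base58_encode(digest)[:num_chars]
    raise ValueError("encoding must be 'hex' or 'base58'")


def expected_trials(bits: float, mode: str) -> float:
    """Textbook trial counts for an attacker working only on a prefix of
    `bits` bits: a birthday collision needs about 2^(bits/2) hash
    evaluations, matching one specific prefix (second preimage) 2^bits."""
    if mode == "collision":
        return 2.0 ** (bits / 2)
    if mode == "second_preimage":
        return 2.0 ** bits
    raise ValueError("mode must be 'collision' or 'second_preimage'")


def attack_cost(bits: float, mode: str, per_trial_cost: float = 1.0) -> float:
    """Total cost = number of trials x cost of one hash evaluation.
    A memory-hard or deliberately slow hash raises per_trial_cost by a
    constant factor (hypothetical value, not a measured Argon2 number);
    it does not reduce the trial count, so the gain is proportional only.
    Any such factor is paid by honest verifiers on every check as well."""
    return expected_trials(bits, mode) * per_trial_cost


if __name__ == "__main__":
    sample = b"constructed sample revision data"  # constructed input
    for n in (5, 7):
        print(f"{n} hex chars   = {prefix_bits(n, 16):5.1f} bits")
        print(f"{n} base58 chars= {prefix_bits(n, 58):5.1f} bits")
    print("base58 gain over hex: %.1f%%" % (100 * relative_gain(58)))
    print("hex id:   ", short_id(sample, 7, "hex"))
    print("base58 id:", short_id(sample, 7, "base58"))
    bits = prefix_bits(7, 58)
    fast = attack_cost(bits, "collision", per_trial_cost=1.0)
    slow = attack_cost(bits, "collision", per_trial_cost=1000.0)  # hypothetical
    print(f"collision trials on a 7-char base58 prefix: {fast:.3g}")
    print(f"same trials with a 1000x slower hash:       {slow:.3g}")
```

The point the script makes concrete: 7 base58 characters identify about 41 bits of the hash versus 28 bits for 7 hex characters, and `attack_cost` shows that a slower hash multiplies the cost of a short-prefix collision by a constant while leaving the trial count untouched; the full digest, which monotone's certs check, is what actually removes the short-prefix problem.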