head and offer a replacement which is safe, faster, and
just as usable!
:-)
Sincerely,
Zooko
On Mon, Oct 12, 2015 at 12:27 AM, Pádraig Brady <p...@draigbrady.com> wrote:
> On 11/10/15 17:59, Zooko Wilcox-OHearn wrote:
>> Folks:
>>
>> Earlier in this discussio
Folks:
Earlier in this discussion Pádraig Brady asked ¹ if we had submitted
BLAKE2 for inclusion in openssl. We have ², but they haven't yet
included it ³.
Eventually, I think, openssl will support highly optimized
implementations of BLAKE2, but I think it will be a long time before
that is
Dear coreutils hackers:
I think we should protect users by offering a replacement for md5sum.
md5sum is dangerous to users, because it is collision-resistant
whenever the data being processed is free of malicious input, but it
is vulnerable to collisions (and other weirder patterns) if the data
Thanks for the suggestion, Pádraig. I'll submit a feature request to openssl.
I think the name of the command is actually important:
My goal here is to make md5sum extinct, because it is unsafe. That's
why we made BLAKE2 to be faster than MD5, because we figured that we'd
never managed to
Dear coreutils folks:
Here's the feature-request for OpenSSL:
http://www.mail-archive.com/openssl-dev@openssl.org/msg39161.html
Regards,
Zooko
Dear Eric Blake:
Yes, that would be fine for my goal of killing md5sum, as long as all
of the distros spell b2sum the same way!
Regards,
Zooko
Great! So the licensing is settled. Now what's the next step?
Regards,
Zooko
Dear coreutils folks and RMS:
I'm writing to ask you to add the BLAKE2 hash function to coreutils.
The reason is that md5sum is the most widely-used tool for file
integrity, but it has flaws that could lead to users being exploited
if they use md5sum in certain reasonable-sounding ways. (I refer
