*** Sergey Matveev [2021-04-17 20:47]:
>>What is the preferred hash by Greta?
>What is that?
I was told offlist that (seems) you were refering to Greta Thunberg.
I suppose she would blame us all, because we are using cryptographic
hash functions for the things where simpler, cheaper and faster
spe
*** Mattias Andrée [2021-04-17 20:41]:
>you have to publish the last version
>that wasn't self-hosted alongside the self-hosted version,
Exactly! And my critique of Rust is that they have not bothered done
that way, that is just an unacceptable (for me) careless work. Go as
a comparison: Go 1.4 is
On Sat, 17 Apr 2021 20:38:51 +0200
Mattias Andrée wrote:
> On Sat, 17 Apr 2021 21:30:58 +0300
> Sergey Matveev wrote:
>
> > *** Mattias Andrée [2021-04-17 20:08]:
> > >No one has an OCaml compiler.
> >
> > Same applies to Rust.
> > And to Go too, but it is easy bootstrappable with the C
On Sat, 17 Apr 2021 21:30:58 +0300
Sergey Matveev wrote:
> *** Mattias Andrée [2021-04-17 20:08]:
> >No one has an OCaml compiler.
>
> Same applies to Rust.
> And to Go too, but it is easy bootstrappable with the C compiler, taking
> just several minutes on modest hardware. Rust is like a Java
*** Mattias Andrée [2021-04-17 20:08]:
>No one has an OCaml compiler.
Same applies to Rust.
And to Go too, but it is easy bootstrappable with the C compiler, taking
just several minutes on modest hardware. Rust is like a JavaScript: just
download it and run, because it is seems so convenient moder
On Sat, 17 Apr 2021 20:50:50 +0300
Sergey Matveev wrote:
> *** Mattias Andrée [2021-04-17 18:57]:
> >This self-hosted nonsense is ludicrous.
>
> Not agree.
>
> >It's understandable for C compilers
>
> Rust, as far as I heard/remember, was written on OCaml, that itself was
> also written on
*** Mattias Andrée [2021-04-17 18:57]:
>This self-hosted nonsense is ludicrous.
Not agree.
>It's understandable for C compilers
Rust, as far as I heard/remember, was written on OCaml, that itself was
also written on some C -- so nothing prevents its bootstrapping too, unless
its authors thought
*** Hiltjo Posthuma [2021-04-17 19:13]:
>Generating hashes for all dl.suckless tarball files (287 files) takes 0.75
>seconds in total, it is not an issue.
Agreed of course. SHA2 is currently the best tradeoff. The only question
could remain: SHA256 vs SHA512 (that is faster on 64-bit platforms).
On Wed, Apr 14, 2021 at 09:05:01AM +0300, Sergey Matveev wrote:
> *** Markus Wichmann [2021-04-14 06:03]:
> >I don't care about the speed of a hash function.
>
> If we a talking here about checking software integrity, then speed is
> important. Millions of people check the hash of downloaded files
This self-hosted nonsense is ludicrous. It's understandable for C compilers,
it's an old language that everyone has a compiler for and there are many
implementations, and even if you wrote it in assembly, you will just shift
the problem to the assembler. So there must be one blessed language, and
C
*** Laslo Hunhold [2021-04-17 17:57]:
>in regard to my argument: It has abysmal compile times and the compiler
>is extremely bloated.
Also it has bootstrap problem: officially there is no way to build Rust,
except for downloading some binaries for you platform from the Internet.
LLVM/Clang, GCC --
On Sat, 17 Apr 2021 17:42:50 +0200
Mattias Andrée wrote:
Dear Mattias,
> I've completely ignored Rust. What's the problem with it?
in regard to my argument: It has abysmal compile times and the compiler
is extremely bloated.
In general though, I see multiple issues with it: The crate-system
co
Greetings!
*** Laslo Hunhold [2021-04-17 16:30]:
>we would save much more energy by banning autohell, Rust, bloated
>electron-apps and Qt.
Well, I can only fully agree with that!
My comment about hash functions performance was only related to
defective idea that slowing them down will help us wit
On Sat, 17 Apr 2021 16:30:15 +0200
Laslo Hunhold wrote:
> On Wed, 14 Apr 2021 09:05:01 +0300
> Sergey Matveev wrote:
>
> Dear Sergey,
>
> > If we a talking here about checking software integrity, then speed is
> > important. Millions of people check the hash of downloaded files -- if
> > it is
On Wed, 14 Apr 2021 09:05:01 +0300
Sergey Matveev wrote:
Dear Sergey,
> If we a talking here about checking software integrity, then speed is
> important. Millions of people check the hash of downloaded files -- if
> it is slow, then huge quantity of time/energy is wasted. Less time you
> spent
On Sat, 17 Apr 2021 07:45:16 +0200 (CEST)
Sagar Acharya wrote:
Dear Sagar,
> Ok. But this is a behavioral change right? How can a patch help in
> this case?
>
> Admins always protest the decision in almost every community if it
> isn't theirs. Am I suggesting something harmful here? It takes a
Ok. But this is a behavioral change right? How can a patch help in this case?
Admins always protest the decision in almost every community if it isn't
theirs. Am I suggesting something harmful here? It takes a minute to sign a
release and this improves security. It makes sure that user gets the
On 4/17/21 1:45 AM, Sagar Acharya wrote:
Ok. But this is a behavioral change right? How can a patch help in this case?
Admins always protest the decision in almost every community if it isn't
theirs. Am I suggesting something harmful here? It takes a minute to sign a
release and this improves
* Sagar Acharya [2021-04-16 20:01:56 +0200]:
Was any decision taken with regards to this? Would we have certain checksums
and sigs for releases in future?
Thanking you
Sagar Acharya
https://designman.org
Sagar, please realize that people are volunteering their time, and I think
most are doi
Was any decision taken with regards to this? Would we have certain checksums
and sigs for releases in future?
Thanking you
Sagar Acharya
https://designman.org
On Fri, Apr 16, 2021 at 09:16:30PM +0200, Anders Damsgaard wrote:
> * Sagar Acharya [2021-04-16 20:01:56 +0200]:
>
> > Was any decision taken with regards to this? Would we have certain
> > checksums and sigs for releases in future?
> >
> > Thanking you
> > Sagar Acharya
> > https://designman.o
wt., 13 kwi 2021 o 18:05 Mattias Andrée napisał(a):
>
> On Tue, 13 Apr 2021 16:57:39 +0200
> Sagar Acharya wrote:
>
> > Sure, any good signature. SHA512 is stronger than SHA1, MD5 and SHA256. It
> > shouldn't take a second more than others. Why use a weaker checksum?
>
> SHA512 is actually more
Sergey - nice summary. Let me just add that there are more uses and
aspects that should be taken into account.
Passwords:
- cpu time vs memory usage vs parallel computation - it is difficult
to address everything with one function, but yescrypt:
https://www.openwall.com/yescrypt/
- side-channel at
*** Markus Wichmann [2021-04-14 06:03]:
>I don't care about the speed of a hash function.
If we a talking here about checking software integrity, then speed is
important. Millions of people check the hash of downloaded files -- if
it is slow, then huge quantity of time/energy is wasted. Less time
On Tue, Apr 13, 2021 at 09:58:56PM +0300, Sergey Matveev wrote:
> *** Markus Wichmann [2021-04-13 20:17]:
> >Y'know, while we're bikeshedding, why not just use SHA-3?
>
> Answer is: https://www.imperialviolet.org/2017/05/31/skipsha3.html
I don't care about the speed of a hash function. Speed of a
*** Markus Wichmann [2021-04-13 20:17]:
>Y'know, while we're bikeshedding, why not just use SHA-3?
Answer is: https://www.imperialviolet.org/2017/05/31/skipsha3.html
and answer for that:
https://cryptologie.net/article/400/maybe-you-shouldnt-skip-sha-3/
SHA3 is good, but "offers no compelling adv
wt., 13 kwi 2021 o 21:29 Sergey Matveev napisał(a):
>
> *** Mattias Andrée [2021-04-13 20:48]:
> >But interesting, even though Keccak (from which SHA-3 is
> >derived) won over BLAKE2, BLAKE2 seems to be more popular.
>
> Keccak won over "BLAKE". "BLAKE2" is reduced-round tweaked "BLAKE" version.
>
*** Mattias Andrée [2021-04-13 20:48]:
>But interesting, even though Keccak (from which SHA-3 is
>derived) won over BLAKE2, BLAKE2 seems to be more popular.
Keccak won over "BLAKE". "BLAKE2" is reduced-round tweaked "BLAKE" version.
BLAKE2 is very fast, having very high security margin and abiliti
Sure, any good signature. SHA512 is stronger than SHA1, MD5 and SHA256. It
shouldn't take a second more than others. Why use a weaker checksum?
Thanking you
Sagar Acharya
https://designman.org
13 Apr 2021, 20:15 by daniel.cegie...@gmail.com:
> How/where SHA512 is better than SHA256 or SHA1? I
On Tue, 13 Apr 2021 20:17:37 +0200
Markus Wichmann wrote:
> On Tue, Apr 13, 2021 at 05:08:31PM +0200, Mattias Andrée wrote:
> > On Tue, 13 Apr 2021 16:57:39 +0200
> > Sagar Acharya wrote:
> >
> > > Sure, any good signature. SHA512 is stronger than SHA1, MD5 and SHA256.
> > > It shouldn't take
On Tue, Apr 13, 2021 at 05:08:31PM +0200, Mattias Andrée wrote:
> On Tue, 13 Apr 2021 16:57:39 +0200
> Sagar Acharya wrote:
>
> > Sure, any good signature. SHA512 is stronger than SHA1, MD5 and SHA256. It
> > shouldn't take a second more than others. Why use a weaker checksum?
>
> SHA512 is actua
wt., 13 kwi 2021 o 17:59 Hiltjo Posthuma napisał(a):
>
> On Tue, Apr 13, 2021 at 04:45:07PM +0200, Daniel Cegiełka wrote:
> > How/where SHA512 is better than SHA256 or SHA1? I don't see any added
> > value in this. If someone breaks into your server and replace files,
> > may also regenerate check
On Tue, 13 Apr 2021 16:57:39 +0200
Sagar Acharya wrote:
> Sure, any good signature. SHA512 is stronger than SHA1, MD5 and SHA256. It
> shouldn't take a second more than others. Why use a weaker checksum?
SHA512 is actually more than twice as fast as SHA256 on 64-bit machines.
(I don't know whic
On Tue, Apr 13, 2021 at 04:45:07PM +0200, Daniel Cegiełka wrote:
> How/where SHA512 is better than SHA256 or SHA1? I don't see any added
> value in this. If someone breaks into your server and replace files,
> may also regenerate check sums (SHA256/512 or SHA3, scrypt etc.). The
> use of MD5 will b
Can we have SHA512 checksums and sig files for the release gzips of suckless
software?
Thanking you
Sagar Acharya
https://designman.org
How/where SHA512 is better than SHA256 or SHA1? I don't see any added
value in this. If someone breaks into your server and replace files,
may also regenerate check sums (SHA256/512 or SHA3, scrypt etc.). The
use of MD5 will be equally (un)safe as SHA512 :)
A better solution is e.g. signify from O
36 matches
Mail list logo
