Hi,
After Arnout's excellent PoC [1], I'd like to discuss the buildinfo content
based on reviewing current example:
> name=stamina-core
> group_id=com.scalapenos
> artifact_id=stamina-core_2.12
> version=0.1.5-SNAPSHOT
ok, same meaning than usual pom IIUC
> build_architecture=all
why "all"
Le jeudi 20 décembre 2018, 19:13:48 CET Arnout Engelen a écrit :
> On Wed, Dec 19, 2018 at 10:15 AM Arnout Engelen wrote:
> > On Tue, Nov 27, 2018 at 4:02 PM Hervé Boutemy wrote:
> > > On the question "where to publish", I think we have no choice when
> > > artifacts go to Maven Central: there
> I'm not sure what you mean by 'not possible to collide' here. Hashes are
> typically smaller than the allowed inputs, which means there must exist
> different input files that produce the
> same output hash. A cryptographic hash just makes those collisions hard to
> find/create, it cannot
Folks, if there's something to say about hashes that can be answered by
a quick trip to Wikipedia or your other favorite fount of public
knowledge, please consider doing so... this is discussion, though
liveliness is good, is starting to seem like a significant divergence
from the core
> While I agree that you can certainly find collisions when you do
> crc16(H(a),H(b))
> or
> H(crc16(a),crc16(b))
> I fail to see how that would be possible with cryptographic hash functions
> like SHA-256, so
> H(H(a),H(b))
> especially since the hash functions internally usually work in
somewhat offtopic
On 20/12/2018 09.59, Daniel Shahaf wrote:
> Hash functions are usually defined in terms of collision resistance.
> The constructions above have not been proven to be collision resistant,
> and moreover, they might not *be* collision resistant — even if h() is.
> Therefore, we