On 23/11/2025 20:59, Collin Funk wrote:
Hi,In the documentation of md5sum and sha1sum we have a paragraph mentioning that there are known collisions that make these algorithms insecure. How about listing algorithms currently considered secure for the documentation of 'cksum -a'? I have attached a proposed patch. I don't think there is any problems with SM3, but I can't find much written in English about it. I have excluded it since my understanding is that you would only use it if you were selling an enterprise application in Chinese markets, for example. Python's cryptography module says something along those lines too [1]: This hash should be used for compatibility purposes where required and is not otherwise recommended for use. Collin [1] https://cryptography.io/en/latest/hazmat/primitives/cryptographic-hashes/#cryptography.hazmat.primitives.hashes.SM3
Looks good, though I'd say "currently considered" rather than "considered". thanks, Padraig
