On Thu, Aug 8, 2013 at 10:21 PM, Wouter Verhelst <wou...@debian.org> wrote:
> On 05-08-13 02:16, Ben Hutchings wrote:
> > On Sun, 2013-08-04 at 16:45 +0200, Wouter Verhelst wrote:
> >> On 03-08-13 13:45, Ondřej Surý wrote:
> >>> I think it's useless to upgrade to SHA512 (or SHA-3),
> >>
> >> It's never useless to upgrade to a stronger hash.
> >>
> >> The cost might outweigh the benefit, yes. But that's a different
> >> matter.
> >
> > What makes you think these are stronger?
>
> Simple mathematics.
>
> To me, a "strong hash" is a hash for which collisions are unlikely.
>
> A SHA512 hash is longer than a SHA1 hash. Therefore it has more bits.
> Therefore it has more possible values, which decreases the likelihood
> that two collections of bits will produce the same hash value by accident.

This is a very dangerous fallacy. More bits != stronger.

It's the algorithm properties that make the hash stronger, not the number of the bits in the resulting hash.

O.
-- 
Ondřej Surý <ond...@sury.org>
Have you tried Knot DNS – https://www.knot-dns.cz/ – a high-performance authoritative-only DNS server
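
An added illustration of the point debated in this message, not part of the original e-mail: a constructed toy function with a 512-bit output (xor_fold_512, a hypothetical name) collides as soon as two input blocks are reordered, while 160-bit SHA-1 does not collide on the same pair of messages.

```python
import hashlib

BLOCK = 64  # 64 bytes = 512 bits of output


def xor_fold_512(data: bytes) -> bytes:
    """Constructed toy hash: zero-pad to 64-byte blocks and XOR them together."""
    padded = data + b"\x00" * (-len(data) % BLOCK)
    digest = bytearray(BLOCK)
    for off in range(0, len(padded), BLOCK):
        for i, byte in enumerate(padded[off:off + BLOCK]):
            digest[i] ^= byte
    return bytes(digest)


def swapped_blocks(data: bytes) -> bytes:
    """Exchange the first two blocks (assumes at least two full blocks)."""
    return data[BLOCK:2 * BLOCK] + data[:BLOCK] + data[2 * BLOCK:]


def compare(msg_a: bytes, msg_b: bytes) -> dict:
    """Report digest sizes and whether each function collides on the pair."""
    sha1_a = hashlib.sha1(msg_a).digest()
    sha1_b = hashlib.sha1(msg_b).digest()
    return {
        "messages_differ": msg_a != msg_b,
        "toy512_bits": len(xor_fold_512(msg_a)) * 8,
        "toy512_collides": xor_fold_512(msg_a) == xor_fold_512(msg_b),
        "sha1_bits": len(sha1_a) * 8,
        "sha1_collides": sha1_a == sha1_b,
    }


# Constructed sample input: two distinct full blocks plus a short tail.
MSG_A = b"A" * BLOCK + b"B" * BLOCK + b"tail"
MSG_B = swapped_blocks(MSG_A)

if __name__ == "__main__":
    for key, value in compare(MSG_A, MSG_B).items():
        print(f"{key}: {value}")
```

XOR is commutative, so block order never reaches the toy digest; its output length is irrelevant to that structural weakness.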