Thanks Brane. Like I said, I merely suggested CRC since my understanding is that CRC is more suited for when we want to detect random errors and maintain sanity of the data. However, I did not know that we also needed a security aspect to the hashing mechanism. If we are also looking at malicious interventions detection, I agree that SHA is needed.
My only point was that since CRC is a light algorithm, if it suits our needs, may be easy to do and port. If I was mistaken, I apologize. On 13 Jul 2015 23:16, "Branko Čibej" <[email protected]> wrote: > On 13.07.2015 16:42, Atri Sharma wrote: > > Out of curiosity, are we only using MD5 and SHA1 for checksums? > > > > If that is the case, can we try CRC? Much easier to port and easier to > > compute > > That is complete nonsense. > > The point of hashes is to maintain a minimal level of confidence that > the sources downloaded from a mirror match the hashes published on our > web site. Ease of computation has absolutely no bearing on this. > > These days, SHA1 is the pretty much the barest acceptable minimum; > people are beginning to use SHA256 and even SHA512 because SHA1 > vulnerabilities make it too easy to crack. > > MD5 is obsolete for this purpose. CRC is not even close, since it's not > a cryptographic hash. > > -- Brane > >
