On Tue, 13 Apr 2021 16:57:39 +0200 Sagar Acharya <sagaracha...@tutanota.com> wrote:
> Sure, any good signature. SHA512 is stronger than SHA1, MD5 and SHA256. It
> shouldn't take a second more than others. Why use a weaker checksum?

SHA512 is actually more than twice as fast as SHA256 on 64-bit machines.
(I don't know which is stronger).

I see no point in having checksums at all, except for detecting bitrot.
Signatures are of course good.

> Thanking you
> Sagar Acharya
> https://designman.org
>
> 13 Apr 2021, 20:15 by daniel.cegie...@gmail.com:
>
> > How/where is SHA512 better than SHA256 or SHA1? I don't see any added
> > value in this. If someone breaks into your server and replaces files,
> > they may also regenerate checksums (SHA256/512 or SHA3, scrypt etc.). The
> > use of MD5 will be equally (un)safe as SHA512 :)
> >
> > A better solution is e.g. signify from OpenBSD or GnuPG.
> >
> > https://man.openbsd.org/signify
> >
> > Daniel
> >
> > On Tue, 13 Apr 2021 at 13:36 Sagar Acharya <sagaracha...@tutanota.com>
> > wrote:
> >
> >> Can we have SHA512 checksums and sig files for the release gzips of
> >> suckless software?
> >>
> >> Thanking you
> >> Sagar Acharya
> >> https://designman.org
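
The point argued in the thread (a checksum hosted beside the file still verifies once both are replaced, a signature does not), as an added example that is not part of any message above. It uses openssl (ECDSA) as a stand-in for signify or GnuPG; the release name, file contents and paths are constructed.

```sh
#!/bin/sh
# Added example with constructed data: a release file, a SHA512 checksum hosted
# beside it, and a detached signature. Assumption: openssl (ECDSA) stands in for
# signify/GnuPG so that the demo needs no extra tools.
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
srv="$work/server"   # everything the download server hosts
mkdir -p "$srv"
rel=tool-1.0.tar.gz  # hypothetical release name

# Maintainer key pair: priv.pem never touches the server, pub.pem reaches
# users through a separate channel.
openssl ecparam -name prime256v1 -genkey -noout -out "$work/priv.pem"
openssl pkey -in "$work/priv.pem" -pubout -out "$work/pub.pem"

publish() {   # maintainer: upload release, checksum and signature
    printf 'genuine release contents\n' > "$srv/$rel"
    (cd "$srv" && sha512sum "$rel" > "$rel.sha512")
    openssl dgst -sha512 -sign "$work/priv.pem" -out "$srv/$rel.sig" "$srv/$rel"
}

replace_on_server() {   # the case from the thread: file replaced, checksum regenerated
    printf 'replaced contents\n' > "$srv/$rel"
    (cd "$srv" && sha512sum "$rel" > "$rel.sha512")
}

check_sum() {   # user: verify against the checksum hosted next to the file
    (cd "$srv" && sha512sum -c "$rel.sha512" >/dev/null 2>&1)
}

check_sig() {   # user: verify the detached signature with the maintainer's public key
    openssl dgst -sha512 -verify "$work/pub.pem" \
        -signature "$srv/$rel.sig" "$srv/$rel" >/dev/null 2>&1
}

report() { if "$2"; then echo "$1: OK"; else echo "$1: FAILED"; fi; }

publish
report "genuine file,  checksum " check_sum
report "genuine file,  signature" check_sig
replace_on_server
report "replaced file, checksum " check_sum   # still OK: checksum was regenerated
report "replaced file, signature" check_sig   # FAILED: no private key on the server
```

The signature check only means something if pub.pem was obtained from somewhere other than the download server itself.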