I have to ask: why does darcs use SHA-1?

On the one hand, SHA-1 is cryptographically fragile and is deprecated for use in applications that require collision-resistance and pre-image resistance. SHA-2 is the current standard for those applications (SHA-2 is about twice as expensive in CPU [1]), and SHA-3 is under development.

On the other hand, why does darcs need a cryptographically secure hash function at all? Wouldn't MD5 or a sufficiently wide CRC, such as the one used in ZFS [2], do just as well? They would certainly be a lot faster to compute.

Is there some behavior on the part of some malicious actor that darcs tries to prevent, such that the collision-resistance (such as it is) of SHA-1 is necessary to prevent it?

Regards,

Zooko

[1] http://cryptopp.com/benchmarks.html
[2] http://blogs.sun.com/bonwick/entry/zfs_end_to_end_data
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
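The property the question turns on, shown as an added example (this is not darcs code; `PatchStore` is a hypothetical content-addressed store that names a blob by its digest and never overwrites an existing name): with a 32-bit CRC, two different blobs that share a checksum are found by a cheap birthday search, and the second is then silently served under the first one's name. With SHA-1, the two blobs keep distinct names. The blobs are random bytes constructed for the demonstration.

```python
import hashlib
import random
import zlib


def crc32_hex(data: bytes) -> str:
    """Non-cryptographic 32-bit checksum, rendered like a hash id."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


class PatchStore:
    """Hypothetical content-addressed store (not darcs's): a blob is named
    by the digest of its bytes, and the first blob stored under a name wins."""

    def __init__(self, digest):
        self.digest = digest
        self.blobs = {}

    def put(self, data: bytes) -> str:
        name = self.digest(data)
        self.blobs.setdefault(name, data)  # never overwrite an existing name
        return name

    def get(self, name: str) -> bytes:
        return self.blobs[name]


def find_crc32_collision(seed: int = 0):
    """Birthday search: draw random 8-byte blobs until two share a CRC32.
    For a 32-bit checksum this takes on the order of 2**16 draws."""
    rng = random.Random(seed)  # seeded so the result is reproducible
    seen = {}
    while True:
        blob = rng.getrandbits(64).to_bytes(8, "big")
        key = crc32_hex(blob)
        if key in seen and seen[key] != blob:
            return seen[key], blob
        seen[key] = blob


def aliasing_demo():
    """Return (crc_aliases, sha1_aliases): True when looking up the second
    blob's name returns the first blob's bytes instead."""
    a, b = find_crc32_collision()
    crc_store = PatchStore(crc32_hex)
    crc_store.put(a)
    crc_store.put(b)  # same name as a, so b is dropped and reads return a
    crc_aliases = crc_store.get(crc32_hex(b)) == a
    sha_store = PatchStore(sha1_hex)
    sha_store.put(a)
    sha_store.put(b)  # distinct name, so b is stored and read back as itself
    sha1_aliases = sha_store.get(sha1_hex(b)) == a
    return crc_aliases, sha1_aliases
```

The search completes in well under a second, which is the practical difference between a checksum built to catch accidental corruption and a digest meant to give every patch a unique name even against deliberate input.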
