* zooko wrote:

> On the one hand, SHA-1 is cryptographically fragile and is deprecated
> for use in applications that require collision-resistance and
> pre-image resistance.

Such a cryptographically strong requirement is not given in the darcs case. SHA-1 is still used in almost all existing cryptographic protocols and is secure against the known attacks, because the protocol itself prohibits the attacking preconditions.

> SHA-2 is the current standard for those applications

It's not known if SHA-2 will suffer from the same attack principle or not. If you really consider the currently known attacks against SHA-1 as important, you have to leave the whole family and choose i.e. RIPEMD-160.

> On the other hand, why does darcs need a cryptographically secure
> hash function at all? Wouldn't MD5 or a sufficiently wide CRC, such
> as the one used in ZFS [2], do just as well? They would certainly be
> a lot faster to compute.

SHA-1 is the current standard for quick and dirty checksumming and new applications. Using MD5 or any CRC is only for software archaeologists.

Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe