What I said but in nicer words :) I think the question is whether truncated SHA512 has a potential to be easily collided? Integrity is desirable in this case (I think) because we want integrity of the certificate. On Oct 17, 2013 12:48 AM, "Laurent Alebarde" <[email protected]> wrote:
> As far as I know, Git does not deal with security but integrity. SHA-1 > is used there, as a hash only instead of file names, to allow for file > renames & moves with respect to a similarity index. > > The fair hypothesis is that in the same repository, the chance of > collision are too low to be considered. > > In our concern, CURVE, we don't share the same specifications and needs. > > Le 16/10/2013 15:40, shancat a écrit : > > 2 needs to be analysed a bit more. I think Git does something very similar > but in that case it's probably to guard against repo corruption not > determined attackers. > > > > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > >
_______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
