This repository has been archived by the owner on Sep 21, 2022. It is now read-only.
Provide better hashes for modfiles #51
Labels
Comments
|
Which hashes do your favorite package managers use? At the moment md5 is provided because the primary aim is to verify the file download is complete. Collisions are not really a consideration. |
|
They handle that by signing files, but among the things used for those are BLAKE2, SHA256 and I guess if you start looking you are going to find more easily. I guess BLAKE2 could be interesting given that it tends to be quite fast. I'd probably not start using SHA-2 when SHA-3 is already out there, but the same applies to MD5. |
|
I saw some recommendations for BLAKE2. Will look into it. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Currently the only checksum available for files is md5.
It would be nice if there's a checksum available that wasn't considered broken in the last century.
SHA-3 would be nice.
The text was updated successfully, but these errors were encountered: