[Buildroot] [PATCH] ser2net: Add a hash file

Gustavo Zacarias gustavo at zacarias.com.ar
Wed Oct 8 10:43:41 UTC 2014


On 10/08/2014 07:18 AM, Markos Chandras wrote:
> I understand that, but realistically speaking, supporting so many
> different hashes is not very efficient. If an upstream uses weak hashes
> for released tarballs, just verify the weak hash on your local pc and
> then generate a strong hash yourself. Is there really a point having a
> week md5 and a strong sha256 hash at the same time?

"strong" hashes are so for now, weak hashes were strong at the time too
remember, they're, grossly said, glorified checksums/CRCs (which were
also considered well enough until the data set and computation power grew).
If you truly want to ensure a certain degree of tamper resistance you
need to go to the 2-way collision.
After all a single value of 256 or 512 bits representing a file of 1 MB
of compressed data is bound to hit some issue eventually.
With two different hashing methods it's statistically very complex to
win the lottery.
Regards.




More information about the buildroot mailing list