Rich Freeman via plug on 25 Sep 2022 17:23:03 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: [PLUG] free courses, systemd Win, hashquines |
On Sun, Sep 25, 2022 at 8:11 PM Walt Mankowski via plug <plug@lists.phillylinux.org> wrote: > > On Sun, Sep 25, 2022 at 06:08:11PM -0400, JP Vossen via plug wrote: > > On 9/25/22 16:53, Walt Mankowski via plug wrote: > > > > It was already installed for me on Debian-10, which is near EoL. But holy cow the hashes are long! I use `md5sum` to compare files a lot [1], in part because the hashes are short and don't make my eyes & brain bleed. > > > > > > That was my reaction too. You can make them shorter with the -l > > > parameter, but who knows what that does to the robustness of the > > > algorithm? > > > > Probably still better than MD5? :-) But...I can remember `md5sum`, not sure how long I'm going to remember `b2sum -l 48`. > > Same. For the files I'm running this on, there's basically no risk > they might have been hacked. > I'd think that if you just truncated the hash to the same length as an md5 hash then it should be no worse than md5 in terms of security. I'd think it would keep any algorithmic strengths of the better algorithm, but of course you'd be less resistant to brute force attacks. I realize you aren't really concerned with deliberate attacks, but it never hurts to use the more secure algorithm. So, on the topic of insecure hash algorithms, can anybody spot the glaring problem with this: $ git cat-file commit ec9a21e4f51de087744f2f5eb95a82cda673b07e tree 0b6fab6bb7b543878e599ec60699fb005b434bbc parent b95029fad9f1a593342cb2f52322a182c29259de author Repository mirror & CI <repomirrorci@gentoo.org> 1664081214 +0000 committer Repository mirror & CI <repomirrorci@gentoo.org> 1664081214 +0000 gpgsig -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEE90jps8R+OTzCTI+vfCrAnNmPLt8FAmMv3T4ACgkQfCrAnNmP Lt99Xwf8DFCj4LNb5m2fJ9Didx7Yw3rYQxb655O7+/+OcdInU3rbqCywtZPv8Ij+ 8r57/l3ehnFct2Wut2jKokNXzvd+mDPbPVc4sZ6Y5cLxtvycIAD48jHcXSJoc7gk WYuoBP3o1Rdkfj1dM8wZ+jzvEbt8FKMXoXdvXurjoifL7QvlZUjaeOeHmecWswyD jP8bW409LeK0wxUf10XcyP7+ehMeCD0j8eGF/+NC3hx7QBY+VZO+CZ1V5YXQfF4k wU6e9vZEJSd47zeKiCn1SSJ4KAzcDvUmV1mqlZBxosZC/BKreJEgk8F0qOLxBlzg Zxnpw1CK7pYG64Easd0x63zIAIMeNg== =/8YU -----END PGP SIGNATURE----- 2022-09-25 04:46:54 UTC -- Rich ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug