On 05/13/2018 08:11 PM, Leonid Isaev via arch-general wrote:
On Sun, May 13, 2018 at 08:19:19PM +0200, Neven Sajko via arch-general wrote:
On 13 May 2018 at 20:11, Neven Sajko <nsajko@gmail.com> wrote:
I do agree that using md5 is absurd, ...
To clarify, md5 *is* unsecure and is even slower or not significantly faster than hashes from the Keccak and BLAKE2 families; using signatures would be a plus but signatures are not an argument for md5.
It is trivial to enable blake2 support in makepkg using b2sum(1) from the coreutils package. Currently, I only saw gentoo using it but I didn't do proper research on this...
Maybe you could ask the coreutils developers whatever happened to implementing Keccak checksumming tools. -- Eli Schwartz Bug Wrangler and Trusted User