From: Michael Stone
Subject: Re: feature request for coreutils: b2sum
Date: Tue, 1 Nov 2016 11:15:42 -0400
User-agent: Mutt/1.5.23 (2014-03-12)
On Mon, Oct 31, 2016 at 10:18:55PM -0400, Assaf Gordon wrote:
> If by "equivalent" you mean just "happens to be the same length of digest but different value", then I fear many non-tech-savvy users would not be aware of this distinction.
+1. This seems horribly user-unfriendly.
> With sha3 and blake2, the digest defaults to 512 as well, using "sha512" loses that useful hint - but that's unavoidable. What is a bigger problem is that with variable length digests in the same utility, it becomes much harder to know what are the correct parameters. I think that automatic length detection should be turned on automatically, even without "--tag". Since I also believe that machines should work harder than people, it would be nice if we have an "--autodetect" kind of parameter that will automatically test multiple algorithms based on the given digest length - it just takes more CPU time, but can save some annoyances for users.
Or, maybe it's time to default to --tag rather than relying on length to tell us which algorithm we're dealing with, and deprecate non-tagged output. If we just try all the algorithms until they work then this whole exercise is pointless because we're just implicitly using the weakest one--our odds of having secure hashes would be better if we arbitrarily picked only one to use ever and forgot about the rest.
I'd suggest that this all *not* go into coreutils by default until it's been chewed on a bit more. Make it an optional build component with some disclaimers that it's under development and subject to change, but don't set it in stone yet.
Mike Stone
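
The contrast discussed in this message, as an added example that is not part of the original post and is not coreutils code: a length-based "autodetect" check accepts a digest if any same-length algorithm matches, while a tagged check refuses untagged lines and only honours an algorithm on the caller's allowlist. The tag spellings, the function names and the sample data are assumptions of this sketch.

```python
import hashlib
import hmac
import re

# Tag name -> constructor. Tag spellings are this example's assumption.
ALGOS = {
    "SHA256": hashlib.sha256,
    "SHA3-256": hashlib.sha3_256,
    "SHA512": hashlib.sha512,
    "SHA3-512": hashlib.sha3_512,
    "BLAKE2b": hashlib.blake2b,   # 512-bit digest by default
}
# BSD-style tagged line: ALGO (filename) = hexdigest
TAGGED = re.compile(r"^([A-Za-z0-9-]+) \((.+)\) = ([0-9a-f]+)$")

def candidates_by_length(hex_digest):
    """Every algorithm an untagged digest of this length could belong to."""
    return sorted(name for name, new in ALGOS.items()
                  if new().digest_size * 2 == len(hex_digest))

def verify_autodetect(data, hex_digest):
    """Length-based guessing: accept if ANY same-length algorithm matches."""
    return [name for name in candidates_by_length(hex_digest)
            if hmac.compare_digest(ALGOS[name](data).hexdigest(), hex_digest)]

def verify_tagged(data, line, allowed):
    """Accept only a tagged line whose algorithm is in the caller's allowlist."""
    m = TAGGED.match(line.strip())
    if m is None:
        raise ValueError("untagged checksum line refused")
    algo, _filename, hex_digest = m.groups()
    if algo not in allowed or algo not in ALGOS:
        raise ValueError(f"algorithm {algo!r} not allowed")
    return hmac.compare_digest(ALGOS[algo](data).hexdigest(), hex_digest)

if __name__ == "__main__":
    data = b"constructed sample file contents\n"   # constructed input
    digest = hashlib.blake2b(data).hexdigest()
    print("length-only candidates:", candidates_by_length(digest))
    print("autodetect matched:", verify_autodetect(data, digest))
    print("tagged, allowlisted:",
          verify_tagged(data, f"BLAKE2b (sample.txt) = {digest}", {"BLAKE2b"}))
```

With a 128-character hex digest the length alone leaves three candidates, so the untagged check's assurance is bounded by the weakest algorithm in that set; the tagged check pins it to the one named in the line.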