On Wed, 2013-08-14 at 11:44 +0200, Till Maas wrote:
On Wed, Aug 14, 2013 at 12:21:23PM +0300, Artem Bityutskiy wrote:
> On Wed, 2013-08-14 at 10:37 +0200, Till Maas wrote:
> > On Wed, Aug 14, 2013 at 09:31:22AM +0300, Artem Bityutskiy wrote:
> >
> > > Other things like reading from remote sites, progress indicator,
> > > protecting your mounted disks, uncompressing on-the-fly, checking sha1
> > > of the data ond of the bmap file itself - are goodies, although
> > > important ones.
> >
> > Why sha1? If the check is there for security reasons, please use at
> > least sha256.
>
> Should not be difficult to implement if there is demand.
SHA-256 is used to create the signatures of other distributed files:
https://fedoraproject.org/static/checksums/Fedora-19-i386-CHECKSUM
Therefore if bmap is used it should also use at least SHA 256. It is
recommended against using SHA-1 for more than 7 years now:
http://csrc.nist.gov/groups/ST/hash/policy_2006.html
Sure, good point, thank you, I'll implement sha-256 support.
--
Best Regards,
Artem Bityutskiy