modio-sdk-legacy icon indicating copy to clipboard operation
modio-sdk-legacy copied to clipboard
verified publisher icon modio

Provide better hashes for modfiles

Open leper opened this issue 7 years ago • 3 comments

Currently the only checksum available for files is md5.

It would be nice if there's a checksum available that wasn't considered broken in the last century.

SHA-3 would be nice.

leper avatar Jan 09 '18 16:01 leper

Which hashes do your favorite package managers use?

At the moment md5 is provided because the primary aim is to verify the file download is complete. Collisions are not really a consideration.

intenscia avatar Jan 10 '18 02:01 intenscia

They handle that by signing files, but among the things used for those are BLAKE2, SHA256 and I guess if you start looking you are going to find more easily.

I guess BLAKE2 could be interesting given that it tends to be quite fast. I'd probably not start using SHA-2 when SHA-3 is already out there, but the same applies to MD5.

leper avatar Jan 10 '18 02:01 leper

I saw some recommendations for BLAKE2. Will look into it.

intenscia avatar Jan 10 '18 03:01 intenscia