On 27 July 2024 23:14:32 BST, Morgan <[email protected]> wrote:
>Why a SHA2 algorithm? Why not a SHA3 one? How about standalone functions for both, and then when
>SHA4 comes along (as it inevitably will) another standalone function for one of its variants?
You tell me. As I have repeatedly said, I don't actually know anything about these algorithms.
SHA-256 is the only one on the list which I've heard of, and I'm aware it's newer
than SHA-1. I don't know why SHA-512 isn't "better", I don't know why
nobody talks about SHA-3, and I don't know if one of the others in the list is absolutely
amazing and should be everyone's default forever.
As far as I can see, nobody, in this whole discussion, has actually stepped up and explained what
users should be using, once we have taught them that MD5 and SHA-1 are bad.
>Or leave them them the 60-piece set (which includes flat-head and Phillips screwdrivers, so
>they're not being taken away), and write some tips on how to use it correctly.
So go ahead and write those tips. You don't need an RFC vote to improve the documentation.
Here is my offer to those arguing in favour of this deprecation: If you show me a draft of a
comprehensive improvement to the manual to explain how users should be choosing a hashing algorithm,
I will consider changing my vote.
I am also happy to help with proofreading, and working out how to format it into DocBook that fits
nicely in the manual.
As long as the deprecation rests on "somebody in the next 10 years might get round to improving
the manual", my vote remains a firm No.
Regards,
Rowan Tommins
[IMSoP]