by _prometheus 3392 days ago
That's right. It's really important to make sure there are restrictions on what hashes to use if your system is receiving hashes and only checking them for self-consistency.

Particularly relevant is "Crypto Extensibility" (formats and protocols to be able to extend a protocol), vs "Crypto Agility" (the use of Crypto Extensibility to use simultaneously a large variety of algorithms, with the key feature that one can be downgraded to an old/possibly broken hash).

AGL describes it well here: https://www.imperialviolet.org/2016/05/16/agility.html

---

I've filed https://github.com/multiformats/multihash/issues/70 to track this.
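
A receiver-side check along these lines, as an added example that is not part of the original comment or the multihash project's code: it parses the `<code><length><digest>` layout and refuses any function outside a local allowlist instead of trusting whatever the sender names. The allowlist contents, the helper names and the refusal of truncated digests are assumptions of this example.

```python
import hashlib
import hmac

# Function codes from the multihash table: sha1, sha2-256, sha2-512.
SHA1, SHA2_256, SHA2_512 = 0x11, 0x12, 0x13

# Constructed policy for this example: the only functions the receiver accepts.
ALLOWED = {SHA2_256: hashlib.sha256, SHA2_512: hashlib.sha512}


def encode_varint(n):
    """Encode a non-negative int as an unsigned varint."""
    out = bytearray()
    while True:
        byte, n = n & 0x7F, n >> 7
        out.append(byte | (0x80 if n else 0))
        if not n:
            return bytes(out)


def read_varint(buf, pos=0):
    """Decode an unsigned varint; return (value, next_pos)."""
    value = shift = 0
    while pos < len(buf) and shift <= 63:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
    raise ValueError("truncated or oversized varint")


def make_multihash(code, digest):
    """Build <varint code><varint length><digest> (used for the sample inputs)."""
    return encode_varint(code) + encode_varint(len(digest)) + digest


def verify_multihash(mh, content):
    """True only if mh names an allowed function and its full digest matches."""
    code, pos = read_varint(mh)
    length, pos = read_varint(mh, pos)
    hasher = ALLOWED.get(code)
    if hasher is None:  # the sender does not get to pick the function
        raise ValueError(f"hash function 0x{code:x} rejected by policy")
    expected = hasher(content).digest()
    # Assumption of this example: truncated digests are refused as well.
    if length != len(expected) or len(mh) - pos != length:
        raise ValueError("truncated or malformed digest")
    return hmac.compare_digest(mh[pos:], expected)
```

A SHA-1 multihash that is perfectly self-consistent with its content is still rejected here, which is the restriction the comment asks for.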