[Unison-hackers] OCaml version mismatch breaks Unison 2.48.4
Stéphane Glondu
steph at glondu.net
Sun Sep 13 03:08:33 EDT 2020
Le 09/09/2020 à 17:14, Benjamin Pierce a écrit :
> Fantastic!
>
> Changing from Digest to something more stable like SHA256 sounds reasonable, but would we expect any difference in performance?
Probably.
Note that I also expect some difference in performance with my changes
in marshalling functions. In practice, the difference is imperceptible
(in my use case, I/O is the limiting factor) and the archive size is
even smaller.
> I believe the point of md5 was that it was cheap to compute even for huge amounts of data…
... But it is easy to make collisions (probably not accidentally,
though). In the case of Unison, if I understand correctly, that would
mean potential changes not being detected in the case of an attack.
Anyway, whatever the hash function, I think it should be more
standardized than just "OCaml's Digest module". If we insist on no new
dependencies (do we?), that hash function would have to be in Unison
sources. And my marshalling implementation changes everything in an
incompatible way, so it's in my opinion a good time to change the hash
function. And as a person doing cryptography in my day job, I cannot
imagine using MD-5 or SHA-1 today. CRC-32 could fit some purpose, but I
don't think it's what we want here.
Cheers,
--
Stéphane
More information about the Unison-hackers
mailing list