Change Hashing Method #5
Labels
Comments
Open
|
In the redesign branch, I decided to go with SHA256. |
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We've been using md5 for file hashing, which is more or less fine, but cryptographically secure. I've been debating whether that matters. Yes, you can definitely intentionally create md5 collisions if you're being malicious. On the other hand, this is unlikely to be a problem when you're talking about trusted code (hopefully you trust your migrations).
The reason I picked md5 in the first place was to be compatible with the Stack Overflow migrator, but I already do line ending normalization differently, so there's no guarantee that hashes between the two migrators will match. Furthermore, I intend to add a mark-as-run command which will make transitioning from one migrator to the other easier.
Ultimately, there's no particularly good reason to pick md5, and people might question its use in a production environment (whether there's truly any risk or not). I think picking a different hash would be better. SHA-256 is a likely candidate.
The text was updated successfully, but these errors were encountered: