search

badhabitsec / phantom

Automatically exported from code.google.com/p/phantom
Other
0 stars 0 forks source link

Hash type too inflexible #6

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
The current design has the hash in the setup package stored as a plain byte 
array. I presume that the plan is to support longer hashes in the future by 
checking the length of the array, but this has one major flaw.

Presume that a SHA-3 algorithm is selected. It will likely be reccommended for 
widespread use shortly thereafter. If a subsequent flaw is found, any 
replacement chosen or tweaks applied will keep the API invariant, *including* 
the digest length. The versioning inherent in protocol buffers will not help 
because the current protocol is insufficiently self-descriptive and has 
unwarranted assumptions. I would suggest including some sort of identifier of 
which hash is in use.

Original issue reported on code.google.com by Eternal...@gmail.com on 6 Mar 2012 at 6:21

GoogleCodeExporter commented 8 years ago 
Another protobuf-related concern I have comes from 
http://code.google.com/apis/protocolbuffers/docs/proto.html - note their 
warnings on the use of 'required' (see 'required is forever')

Original comment by Eternal...@gmail.com on 6 Mar 2012 at 6:35