search

modio / modio-sdk-legacy

SDK for integrating mod.io into your game - a modding API for game developers
https://sdk.mod.io
MIT License
81 stars 27 forks source link

Provide better hashes for modfiles #51

Open leper opened 6 years ago

leper commented 6 years ago

Currently the only checksum available for files is md5.

It would be nice if there's a checksum available that wasn't considered broken in the last century.

SHA-3 would be nice.

intenscia commented 6 years ago

Which hashes do your favorite package managers use?

At the moment md5 is provided because the primary aim is to verify the file download is complete. Collisions are not really a consideration.

leper commented 6 years ago

They handle that by signing files, but among the things used for those are BLAKE2, SHA256 and I guess if you start looking you are going to find more easily.

I guess BLAKE2 could be interesting given that it tends to be quite fast. I'd probably not start using SHA-2 when SHA-3 is already out there, but the same applies to MD5.

intenscia commented 6 years ago

I saw some recommendations for BLAKE2. Will look into it.