[Development] Backporting the Keccak change
Thiago Macieira
thiago.macieira at intel.com
Wed Aug 30 21:45:44 CEST 2017
When writing the 5.6.3 changelog, I'm currently leaving it with:
******************************************************************************
* Important Behavior Changes *
******************************************************************************
- QCryptographicHash:
* [QTBUG-59770] QCryptographicHash now properly calculates SHA3 message
digests. Before, when asked to calculate a SHA3 digest, it calculated
a Keccak digest instead.
I think this is bad for the 5.6.3 release. After 5.9.0 was released, we had a
couple of people asking for the ability to calculate Keccak instead of SHA3
because they needed to compare against stored hashes that had been
(incorrectly) calculated using Keccak.
So I think we need to take action here. But what?
a) revert the 5.6 backport of 88a8feeacb9bdaff9ee06164424e407eb904cd10 so
that 5.6.x will forever calculate Keccak, not SHA3;
b) additionally backport 12c5264d9add1826d543c36d893db77262195fc6 to both 5.6
and 5.9, with the proper binary compatibility notices, so that people who need
to can adapt their code to calculate Keccak. It won't be pretty, but it will
work.
I'm actually leaning towards (a) for 5.6 and (b) for 5.9.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
More information about the Development
mailing list