[Development] Backporting the Keccak change
Lars Knoll
lars.knoll at qt.io
Thu Aug 31 08:12:40 CEST 2017
> On 30 Aug 2017, at 21:45, Thiago Macieira <thiago.macieira at intel.com> wrote:
>
> When writing the 5.6.3 changelog, I'm currently leaving it with:
>
> ******************************************************************************
> * Important Behavior Changes *
> ******************************************************************************
>
> - QCryptographicHash:
> * [QTBUG-59770] QCryptographicHash now properly calculates SHA3 message
> digests. Before, when asked to calculate a SHA3 digest, it calculated
> a Keccak digest instead.
>
> I think this is bad for the 5.6.3 release. After 5.9.0 was released, we had a
> couple of people asking for the ability to calculate Keccak instead of SHA3
> because they needed to compare against stored hashes that had been
> (incorrectly) calculated using Keccak.
>
> So I think we need to take action here. But what?
>
> a) revert the 5.6 backport of 88a8feeacb9bdaff9ee06164424e407eb904cd10 so
> that 5.6.x will forever calculate Keccak, not SHA3;
>
> b) additionally backport 12c5264d9add1826d543c36d893db77262195fc6 to both 5.6
> and 5.9, with the proper binary compatibility notices, so that people who need
> to can adapt their code to calculate Keccak. It won't be pretty, but it will
> work.
>
> I'm actually leaning towards (a) for 5.6 and (b) for 5.9.
Fully agree. That's IMO the best solution.
Cheers,
Lars
More information about the Development
mailing list