[Development] Backporting the Keccak change

Harri Porten porten at froglogic.com
Sun Sep 3 11:35:54 CEST 2017


On Sat, 2 Sep 2017, Oswald Buddenhagen wrote:

> if we wanted to be really conservative, we'd leave the old meaning of
> the sha3 constants and introduce realSha3 (or something to that effect)
> instead, in 5.10+. keccak aliases would be also provided for a smooth
> migration.

Fwiw, I would have appreciated such a bug-compatible approach. For a new 
product we relied on the old SHA-3 to store hashes of data. That data is 
lost now. Luckily the losses were minimal and did not affect customers, 
yet.

On the other hand: having users rely on a buggy implementation without 
knowing (who reads API documentation for completed code?) has its 
downsides as well.

In that light, giving up the backward compatibility and changinging the 
Sha3_256 enum to intentionally breaking Sha3_256_Good+Sha3_256_Broken for 
the rest of Qt 5.x lifetime could have been an option, too....

Harri.



More information about the Development mailing list