location of hash code in the module file format: Current State?

Reinier Zwitserloot reinier at zwitserloot.com
Sat Feb 6 18:46:48 PST 2010


I believe the last update of the module file format spec now lists the hash
at the top of the file, vs. the original version where it was at the bottom.

I don't think either is correct, the only strategy that is simple for all
tools (both readers and writers) is for the type of hash to be at the top,
and the actual hash value at the bottom; that way, writers can write to a
stream (as in, writers don't have to buffer the whole module and they don't
have to go back and edit the start of the stream), and readers don't have to
buffer anything either and can just check on-the-fly.

If splitting this up is not a good idea, I suggest we revisit dropping
support of multiple hash algorithms and instead pick one with reasonable
security implications but a lightweight implementation, or, if that doesn't
exist, to mandate 2 hashes, a lightweight one and a more robust one, with
certain simple mobile platforms making do with only checking the
lightweight. I doubt such platforms would ever _make_ a module file.



--Reinier Zwitserloot



More information about the jigsaw-dev mailing list