Skip to content

Update hashes to v0.10 and change sha-1 to sha1 #581

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Update hashes to v0.10 and change sha-1 to sha1 #581

wants to merge 2 commits into from

Conversation

newpavlov
Copy link

sha1 got transferred to RustCrypto and should be preferred over sha-1, which will be deprecated after v0.11 release.

@KodrAus
Copy link
Member

KodrAus commented Feb 10, 2022

Thanks @newpavlov! I hadn't noticed the crate transfer before. I think we originally moved to the rust-crypto implementation because the original was unmaintained. That doesn't seem to be the case now. Do you have a sense of how these two implementations differ now? Is the rust-crypto version faster on some platforms? (I got that impression just from a very quick scan including some arch-specific code).

@newpavlov
Copy link
Author

newpavlov commented Feb 11, 2022
edited
Loading

The crate transfer has happened some time after the sha-1 v0.10.0 release.

Apart from the crate name, sha1 v0.10 and sha-1 v0.10 are completely identical. The old sha1 implementation (which did not have alternative backends) got replaced with one from sha-1. sha-1 will be completely deprecated in favor of sha1 on the next breaking release, but for v0.10 we plan to release identical patch releases for both of them.

@KodrAus
Copy link
Member

KodrAus commented Feb 11, 2022

Ah I was more wondering about the difference between sha1 and sha1_smol 🙂 I had a bit of a dig through things and for sha1, I think there's very little reason for uuid specifically to prefer the more industrial rust-crypto sha1 over the zero-dependency sha1_smol, since they're both now maintained. They perform roughly identically (I couldn't try the asm-based implementation yet because I'm on MSVC), and we don't interact with the wider infrastructure rust-crypto makes available through its traits.

So I think we'll take a similar approach that we have with RNG and rand vs getrandom, where we'll quietly use sha1_smol by default because it has zero dependencies, but allow a fast-sha1 with sha1/asm that users could opt into if their target platform supports it.

@KodrAus
Copy link
Member

KodrAus commented Feb 11, 2022

Ok, I flipped over to my ARM-based MacBook and the asm-based implementation is quite a lot zippier, so I think we'll go ahead with this approach of defaulting to sha1_smol and supporting sha1/asm through a feature gate, just like we already do with RNG. Thanks for the PR @newpavlov 🙏

@KodrAus KodrAus closed this Feb 11, 2022
@KodrAus KodrAus mentioned this pull request Feb 11, 2022
Merged
@newpavlov
Copy link
Author

newpavlov commented Feb 11, 2022
edited
Loading

You already have md-5 in your dependency tree. Adding sha1 will not add any additional dependencies.

Also sha1_smol is as unmaintained as the old sha1 implementation. The author simply has republished the old implementation under the new name as part of the transfer. In my opinion, it does not make much sense to revert back to it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@newpavlov @KodrAus