Clarify in the documentation if `programhash` is allowed to be SHA-1
RyanGlScott opened this issue · 3 comments
Currently, the README
states that the programhash
must be a SHA-256 hash:
Valid values: SHA-256 hash
programhash
is used to record the SHA-256 hash value of the verified program, for example,e2d5365a863c1c57fbe2870942676040efc3aea2d9bb085092800d6e256daf06
.
In practice, however, the witness linter will accept both SHA-1 and SHA-256 hashes:
sv-witnesses/lint/witnesslint/linter.py
Lines 531 to 539 in 20414d9
Is it permissible for the programhash
to be a SHA-1 one? I ask since witness validators like fshell-witness2test
will produce a warning if the programhash
does not match the SHA-1 (and only the SHA-1) hash of the file (see these lines). If SHA-1 hashes are permitted, the documentation should be clarified.
@tautschnig We wanted to move to SHA-256 completely. Are you willing to update fshell-witness2test
to accept SHA-256 hashes for programhash
?
@SvenUmbricht Could you please remove SHA-1 from the linter?
SHA-1 hashes no longer pass the linter check.
The new linter is now also used in the competition, and nobody complained, so I guess this issue can be closed. Please reopen if you think there is still something that needs to be discussed.