Stefan Beller wrote:
> On Tue, Jun 6, 2017 at 3:22 PM, Johannes Schindelin
> <Johannes.Schindelin@xxxxxx> wrote:

>> In my mind, it would have made sense to ask well-respected cryptographers
>> about their opinions and then try to figure out a consensus among them (as
>> opposed to what I saw so far, a lot of enthusiastic talk by developers with
>> little standing in the cryptography community, mostly revolving around
>> hash size and speed as opposed to security). And then try to implement
>> that consensus in Git.
>
> Sounds good to me. That is why I personally think point (4) from
> Jonathan's list above over-emphasizes performance/size over security.

At the very least the only kind of replies my example task (4) led to were
of this kind, so you can get a clear sense of whether the community
values performance over security. :)

I happen to think that performance and security both matter and are
related (since if performance regresses enough, then people end up
using the faster but insecure thing). This has shown up in the
history of SSL, for example. But I am very happy to see people
focusing more on the security properties than the performance
properties --- that is a correct prioritization.

Jonathan