Provide SHA3 hashes at getmonero.org instead of SHA256
Created by: b-g-goodell
I opened an issue here about this. I got a response that hashing is to check integrity, not security, and folks should check signatures anyway.
But this misses the point, which is: don't make a modifiable hash the face of download integrity checks. If you want to have a big list of hashes, fine, but don't only include the one that is vulnerable to length extension attacks on the official, user-friendly website! If users want to check only one hash, which one are they going to check? The one next to the download link!
Yes, the best practice is for users to check signatures, but almost no one ever does, in practice. If your version of security is to put up a modifiable hash on the most publicly available download page, but bury the actual authentication through a series of links, then you've put unnecessary barriers between users downloading a file and authenticating it, so a huge portion of users will simply not bother authenticating appropriately. Even some of the savviest users we have get lazy, and almost none of the newest users are savvy.