[gentoo-commits] gentoo commit in xml/htdocs/proj/en/glep: glep-0059.html glep-0059.txt

[gentoo-commits] gentoo commit in xml/htdocs/proj/en/glep: glep-0059.html glep-0059.txt

[Robin H. Johnson (robbat2)]

robbat2     10/01/31 07:55:46

  Modified:             glep-0059.html glep-0059.txt
  Log:
  Revise GLEP59 per Calchan questions: Python 2.5 is widely deployed now and provides SHA512. RIPEMD160 is broken. WHIRLPOOL added. Migration plan detail added.

Revision  Changes    Path
1.5                  xml/htdocs/proj/en/glep/glep-0059.html

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.html?rev=1.5&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.html?rev=1.5&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.html?r1=1.4&r2=1.5

Index: glep-0059.html
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0059.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -p -w -b -B -u -u -r1.4 -r1.5
--- glep-0059.html	13 Jan 2010 03:28:33 -0000	1.4
+++ glep-0059.html	31 Jan 2010 07:55:45 -0000	1.5
@@ -47,7 +47,7 @@
 </tr>
 <tr class="field"><th class="field-name">Updates:</th><td class="field-body">44</td>
 </tr>
-<tr class="field"><th class="field-name">Post-History:</th><td class="field-body">December 2009</td>
+<tr class="field"><th class="field-name">Post-History:</th><td class="field-body">December 2009, January 2010</td>
 </tr>
 </tbody>
 </table>
@@ -61,10 +61,8 @@
 <li><a class="reference internal" href="#the-bad-news" id="id4">The bad news</a></li>
 <li><a class="reference internal" href="#how-fast-can-md5-be-broken" id="id5">How fast can MD5 be broken?</a></li>
 <li><a class="reference internal" href="#the-good-news" id="id6">The good news</a></li>
-<li><a class="reference internal" href="#what-should-be-done" id="id7">What should be done</a><ul>
-<li><a class="reference internal" href="#checksum-depreciation" id="id8">Checksum depreciation</a></li>
-</ul>
-</li>
+<li><a class="reference internal" href="#what-should-be-done" id="id7">What should be done</a></li>
+<li><a class="reference internal" href="#checksum-depreciation-timing" id="id8">Checksum depreciation timing</a></li>
 </ul>
 </li>
 <li><a class="reference internal" href="#backwards-compatibility" id="id9">Backwards Compatibility</a></li>
@@ -100,16 +98,19 @@ is that multiple checksums would be an i
 could not provably quantify the amount of security this added.
 The really bad news, is that this position is completely and utterly
 wrong. Many of you will be aghast at this. There is extremely little
-added security in multiple checksums [J04]. For any set of checksums,
-the actual strength lies in that of the strongest checksum.</p>
+added security in multiple checksums as noted by Joux [J04]. For any set
+of checksums, the actual strength lies in that of the strongest
+checksum.</p>
+<p>Wang et al [W04] extended Joux's [J04] work on SHA-0 to cover MD4, MD5,
+HAVAL-128 and RIPEMD families of hashes.</p>
 </div>
 <div class="section" id="how-fast-can-md5-be-broken">
 <h2><a class="toc-backref" href="#id5">How fast can MD5 be broken?</a></h2>
-<p>For a general collision, not a pre-image attack, since the original
-announcement by Wang et al [W04], the time required to break MD5 has
-been massively reduced. Originally at 1 hour on a near-supercomputer
-(IBM P690) and estimated at 64 hours with a Pentium-3 1.7Ghz. This has
-gone down to less than in two years, to 17 seconds [K06a]!</p>
+<p>For a general collision, not a pre-image attack, since the announcement
+by Wang et al [W04], the time required to break MD5 has been massively
+reduced. Originally at 1 hour on a near-supercomputer (IBM P690) and
+estimated at 64 hours with a Pentium-3 1.7Ghz. This has gone down to
+less than in two years, to 17 seconds [K06a].</p>
 <p>08/2004 - 1 hour, IBM pSeries 690 (32x 1.7Ghz POWER4+) = 54.4 GHz-Hours
 03/2005 - 8 hours, Pentium-M 1.6Ghz = 12.8 Ghz-Hours
 11/2005 - 5 hours, Pentium-4 1.7Ghz = 8.5 Ghz-Hours
@@ -120,26 +121,24 @@ may be broken over the course of 2 years
 &gt;2000x), then existing checksums do not stand a significant chance of
 survival in the future. We should thus accept that whatever checksums we
 are using today, will be broken in the near future, and plan as best as
-possible. (A brief review [H04] of the present SHA1 attacks indicates an
+possible. (A brief review [H04] of the SHA1 attacks indicates an
 improvement of ~600x in the same timespan).</p>
 <p>And for those that claim implementation of these procedures is not yet
 feasible, see [K06b] for an application that can produce two
-self-extracting .exe files, with identical MD5s, and whatever payload
-you want.</p>
+self-extracting EXE files, with identical MD5s, and whatever payload you
+want.</p>
 </div>
 <div class="section" id="the-good-news">
 <h2><a class="toc-backref" href="#id6">The good news</a></h2>
-<p>Of the checksums presently used by Manifest2, one stands close to being
-completely broken: SHA1. The SHA2 series has suffered some attacks, but
-still remains reasonably solid [G07],[K08]. No attacks against RIPEMD160
-have been published, however it is constructed in the same manner as
-MD5, SHA1 and SHA2, so is also vulnerable to the new methods of
-cryptanalysis [H04].</p>
+<p>Of the checksums presently used by Manifest2 (SHA1, SHA256, RIPEMD160),
+one stands close to being completely broken: SHA1; and another is
+significantly weakened: RIPEMD160. The SHA2 series has suffered some
+attacks, but still remains reasonably solid [G07],[K08].</p>
 <p>To reduce the potential for future problems and any single checksum
 break leading to a rapid decrease in security, we should incorporate the
 strongest hash available from each family of checksums, and be prepared
 to retire old checksums actively, unless there is a overriding reason to
-keep a specific checksum.</p>
+keep a specific checksum, such as part of a migration plan.</p>
 </div>
 <div class="section" id="what-should-be-done">
 <h2><a class="toc-backref" href="#id7">What should be done</a></h2>
@@ -150,23 +149,30 @@ from Manifest2 files, once all old Porta
 sufficient time to upgrade. We should be prepared to add stronger
 checksums wherever possible, and to remove those that have been
 defeated.</p>
-<p>An unsupported hash is not considered to be a failure unless no
-supported hashes are available.</p>
-<div class="section" id="checksum-depreciation">
-<h3><a class="toc-backref" href="#id8">Checksum depreciation</a></h3>
-<p>For the current Portage, SHA1 should be gradually removed, as presents
-no advantages over SHA256. Beyond one specific problem (see the next
-paragraph), we should add SHA512 (SHA2, 512 bit size), the Whirlpool
-checksum (standardized checksum, with no known weaknesses). In future,
-as stream-based checksums are developed (in response to the development
-by NIST [AHS]), they should be considered and used.</p>
-<p>There is one temporary stumbling block at hand - the existing Portage
-infrastructure does not support SHA384/512 or Whirlpool, thus hampering
-their immediate acceptance. SHA512 is available in Python 2.5, while
-SHA1 is already available in Python 2.4. After Python2.5 is established
-in a Gentoo media release, that would be a suitable time to remove SHA1
-from Manifest2 files.</p>
-</div>
+<p>As soon as feasible, we should add the SHA512 and WHIRLPOOL algorithms.
+In future, as stream-based checksums are developed (in response to the
+development by NIST [AHS]), they should be considered and used.</p>
+<p>The SHA512 algorithm is available in Python 2.5, which has been a
+dependency of Portage since approximately Python 2.1.6.13.</p>
+<p>The WHIRLPOOL checksum is not available within the PyCrypto library or
+hashlib that is part of Python 2.5, but there are multiple alternative
+Python implementations available, ranging from pure Python to C-based
+(python-mhash).</p>
+<p>The existence unsupported hash is not considered to be a failure unless
+no supported hashes are available for a given Manifest entry.</p>
+</div>
+<div class="section" id="checksum-depreciation-timing">
+<h2><a class="toc-backref" href="#id8">Checksum depreciation timing</a></h2>
+<p>For the current Portage, both SHA1 and RIPEMD160 should be immediately
+removed, as they present no advantages over the already present SHA256.
+SHA256 cannot be replaced immediately with SHA512, as existing Portage
+versions need at least one supported algorithm present (SHA256 support
+was added in June 2006), so it must be retained for some while.</p>
+<p>Immediately:
+- Add WHIRLPOOL and SHA512.
+- Remove SHA1 and RIPEMD160.</p>
+<p>After the majority of Portage installations include SHA512 support:
+- Remove SHA256.</p>
 </div>
 </div>
 <div class="section" id="backwards-compatibility">
@@ -238,7 +244,7 @@ Open Publication License, v1.0.</p>
 <div class="footer">
 <hr class="footer" />
 <a class="reference external" href="glep-0059.txt">View document source</a>.
-Generated on: 2010-01-13 03:27 UTC.
+Generated on: 2010-01-31 07:53 UTC.
 Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source.
 
 </div>



1.5                  xml/htdocs/proj/en/glep/glep-0059.txt

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.txt?rev=1.5&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.txt?rev=1.5&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.txt?r1=1.4&r2=1.5

Index: glep-0059.txt
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0059.txt,v
retrieving revision 1.4
retrieving revision 1.5
diff -p -w -b -B -u -u -r1.4 -r1.5
--- glep-0059.txt	13 Jan 2010 03:26:53 -0000	1.4
+++ glep-0059.txt	31 Jan 2010 07:55:45 -0000	1.5
@@ -1,7 +1,7 @@
 GLEP: 59
 Title: Manifest2 hash policies and security implications
-Version: $Revision: 1.4 $
-Last-Modified: $Date: 2010/01/13 03:26:53 $
+Version: $Revision: 1.5 $
+Last-Modified: $Date: 2010/01/31 07:55:45 $
 Author: Robin Hugh Johnson <robbat2@gentoo.org>, 
 Status: Draft
 Type: Standards Track
@@ -10,7 +10,7 @@ Requires: 44
 Created: October 2006
 Updated: November 2007, June 2008, July 2008, October 2008, January 2010
 Updates: 44
-Post-History: December 2009
+Post-History: December 2009, January 2010
 
 Abstract
 ========
@@ -39,16 +39,20 @@ is that multiple checksums would be an i
 could not provably quantify the amount of security this added.
 The really bad news, is that this position is completely and utterly
 wrong. Many of you will be aghast at this. There is extremely little
-added security in multiple checksums [J04]. For any set of checksums,
-the actual strength lies in that of the strongest checksum.
+added security in multiple checksums as noted by Joux [J04]. For any set
+of checksums, the actual strength lies in that of the strongest
+checksum.
+
+Wang et al [W04] extended Joux's [J04] work on SHA-0 to cover MD4, MD5,
+HAVAL-128 and RIPEMD families of hashes.
 
 How fast can MD5 be broken?
 ---------------------------
-For a general collision, not a pre-image attack, since the original
-announcement by Wang et al [W04], the time required to break MD5 has
-been massively reduced. Originally at 1 hour on a near-supercomputer
-(IBM P690) and estimated at 64 hours with a Pentium-3 1.7Ghz. This has
-gone down to less than in two years, to 17 seconds [K06a]!
+For a general collision, not a pre-image attack, since the announcement
+by Wang et al [W04], the time required to break MD5 has been massively
+reduced. Originally at 1 hour on a near-supercomputer (IBM P690) and
+estimated at 64 hours with a Pentium-3 1.7Ghz. This has gone down to
+less than in two years, to 17 seconds [K06a].
 
 08/2004 - 1 hour, IBM pSeries 690 (32x 1.7Ghz POWER4+) = 54.4 GHz-Hours
 03/2005 - 8 hours, Pentium-M 1.6Ghz = 12.8 Ghz-Hours
@@ -61,28 +65,26 @@ may be broken over the course of 2 years
 >2000x), then existing checksums do not stand a significant chance of
 survival in the future. We should thus accept that whatever checksums we
 are using today, will be broken in the near future, and plan as best as
-possible. (A brief review [H04] of the present SHA1 attacks indicates an
+possible. (A brief review [H04] of the SHA1 attacks indicates an
 improvement of ~600x in the same timespan).
 
 And for those that claim implementation of these procedures is not yet
 feasible, see [K06b] for an application that can produce two
-self-extracting .exe files, with identical MD5s, and whatever payload
-you want.
+self-extracting EXE files, with identical MD5s, and whatever payload you
+want.
 
 The good news
 -------------
-Of the checksums presently used by Manifest2, one stands close to being
-completely broken: SHA1. The SHA2 series has suffered some attacks, but
-still remains reasonably solid [G07],[K08]. No attacks against RIPEMD160
-have been published, however it is constructed in the same manner as
-MD5, SHA1 and SHA2, so is also vulnerable to the new methods of
-cryptanalysis [H04].
+Of the checksums presently used by Manifest2 (SHA1, SHA256, RIPEMD160),
+one stands close to being completely broken: SHA1; and another is
+significantly weakened: RIPEMD160. The SHA2 series has suffered some
+attacks, but still remains reasonably solid [G07],[K08]. 
 
 To reduce the potential for future problems and any single checksum
 break leading to a rapid decrease in security, we should incorporate the
 strongest hash available from each family of checksums, and be prepared
 to retire old checksums actively, unless there is a overriding reason to
-keep a specific checksum.
+keep a specific checksum, such as part of a migration plan.
 
 What should be done
 -------------------
@@ -94,24 +96,35 @@ sufficient time to upgrade. We should be
 checksums wherever possible, and to remove those that have been
 defeated.
 
-An unsupported hash is not considered to be a failure unless no
-supported hashes are available.
+As soon as feasible, we should add the SHA512 and WHIRLPOOL algorithms.
+In future, as stream-based checksums are developed (in response to the
+development by NIST [AHS]), they should be considered and used.
+
+The SHA512 algorithm is available in Python 2.5, which has been a
+dependency of Portage since approximately Python 2.1.6.13.
+
+The WHIRLPOOL checksum is not available within the PyCrypto library or
+hashlib that is part of Python 2.5, but there are multiple alternative
+Python implementations available, ranging from pure Python to C-based
+(python-mhash).
+
+The existence unsupported hash is not considered to be a failure unless
+no supported hashes are available for a given Manifest entry.
+
+Checksum depreciation timing
+----------------------------
+For the current Portage, both SHA1 and RIPEMD160 should be immediately
+removed, as they present no advantages over the already present SHA256.
+SHA256 cannot be replaced immediately with SHA512, as existing Portage
+versions need at least one supported algorithm present (SHA256 support
+was added in June 2006), so it must be retained for some while.
+
+Immediately:
+- Add WHIRLPOOL and SHA512.
+- Remove SHA1 and RIPEMD160.
 
-Checksum depreciation
-~~~~~~~~~~~~~~~~~~~~~
-For the current Portage, SHA1 should be gradually removed, as presents
-no advantages over SHA256. Beyond one specific problem (see the next
-paragraph), we should add SHA512 (SHA2, 512 bit size), the Whirlpool
-checksum (standardized checksum, with no known weaknesses). In future,
-as stream-based checksums are developed (in response to the development
-by NIST [AHS]), they should be considered and used.
-
-There is one temporary stumbling block at hand - the existing Portage
-infrastructure does not support SHA384/512 or Whirlpool, thus hampering
-their immediate acceptance. SHA512 is available in Python 2.5, while
-SHA1 is already available in Python 2.4. After Python2.5 is established
-in a Gentoo media release, that would be a suitable time to remove SHA1
-from Manifest2 files.
+After the majority of Portage installations include SHA512 support:
+- Remove SHA256.
 
 Backwards Compatibility
 =======================

[gentoo-commits] gentoo commit in xml/htdocs/proj/en/glep: glep-0059.html glep-0059.txt

[Robin H. Johnson (robbat2)]

robbat2     10/02/02 05:49:28

  Modified:             glep-0059.html glep-0059.txt
  Log:
  Fix s/Python/Portage/ mention per Cardoe. Extend the backwards compatability a bit to note what to do for even more compatability.

Revision  Changes    Path
1.9                  xml/htdocs/proj/en/glep/glep-0059.html

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.html?rev=1.9&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.html?rev=1.9&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.html?r1=1.8&r2=1.9

Index: glep-0059.html
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0059.html,v
retrieving revision 1.8
retrieving revision 1.9
diff -p -w -b -B -u -u -r1.8 -r1.9
--- glep-0059.html	31 Jan 2010 09:56:08 -0000	1.8
+++ glep-0059.html	2 Feb 2010 05:49:27 -0000	1.9
@@ -156,7 +156,7 @@ defeated.</p>
 In future, as stream-based checksums are developed (in response to the
 development by NIST [AHS]), they should be considered and used.</p>
 <p>The SHA512 algorithm is available in Python 2.5, which has been a
-dependency of Portage since approximately Python 2.1.6.13.</p>
+dependency of Portage since approximately Portage 2.1.6.13.</p>
 <p>The WHIRLPOOL checksum is not available within the PyCrypto library or
 hashlib that is part of Python 2.5, but there are multiple alternative
 Python implementations available, ranging from pure Python to C-based
@@ -182,6 +182,9 @@ was added in June 2006), so it must be r
 <h1><a class="toc-backref" href="#id9">Backwards Compatibility</a></h1>
 <p>Old versions of Portage may support and expect only specific checksums.
 This is accounted for in the checksum depreciation discussion.</p>
+<p>For maximum compatiability, we should only have to include each of the
+old algorithms that we are officially still supporting, as well as the
+new ones that we prefer.</p>
 </div>
 <div class="section" id="references">
 <h1><a class="toc-backref" href="#id10">References</a></h1>
@@ -247,7 +250,7 @@ Open Publication License, v1.0.</p>
 <div class="footer">
 <hr class="footer" />
 <a class="reference external" href="glep-0059.txt">View document source</a>.
-Generated on: 2010-01-31 09:56 UTC.
+Generated on: 2010-02-02 05:44 UTC.
 Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source.
 
 </div>



1.7                  xml/htdocs/proj/en/glep/glep-0059.txt

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.txt?rev=1.7&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.txt?rev=1.7&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.txt?r1=1.6&r2=1.7

Index: glep-0059.txt
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0059.txt,v
retrieving revision 1.6
retrieving revision 1.7
diff -p -w -b -B -u -u -r1.6 -r1.7
--- glep-0059.txt	31 Jan 2010 09:55:43 -0000	1.6
+++ glep-0059.txt	2 Feb 2010 05:49:27 -0000	1.7
@@ -1,7 +1,7 @@
 GLEP: 59
 Title: Manifest2 hash policies and security implications
-Version: $Revision: 1.6 $
-Last-Modified: $Date: 2010/01/31 09:55:43 $
+Version: $Revision: 1.7 $
+Last-Modified: $Date: 2010/02/02 05:49:27 $
 Author: Robin Hugh Johnson <robbat2@gentoo.org>, 
 Status: Draft
 Type: Standards Track
@@ -105,7 +105,7 @@ In future, as stream-based checksums are
 development by NIST [AHS]), they should be considered and used.
 
 The SHA512 algorithm is available in Python 2.5, which has been a
-dependency of Portage since approximately Python 2.1.6.13.
+dependency of Portage since approximately Portage 2.1.6.13.
 
 The WHIRLPOOL checksum is not available within the PyCrypto library or
 hashlib that is part of Python 2.5, but there are multiple alternative
@@ -135,6 +135,10 @@ Backwards Compatibility
 Old versions of Portage may support and expect only specific checksums.
 This is accounted for in the checksum depreciation discussion.
 
+For maximum compatiability, we should only have to include each of the
+old algorithms that we are officially still supporting, as well as the
+new ones that we prefer.
+
 References
 ==========
 

[gentoo-commits] gentoo commit in xml/htdocs/proj/en/glep: glep-0059.html glep-0059.txt

[Robin H. Johnson (robbat2)]

robbat2     10/02/07 10:39:53

  Modified:             glep-0059.html glep-0059.txt
  Log:
  Fix items per mail <robbat2-20100204T024714-596935539Z@orbis-terrarum.net>.

Revision  Changes    Path
1.10                 xml/htdocs/proj/en/glep/glep-0059.html

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.html?rev=1.10&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.html?rev=1.10&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.html?r1=1.9&r2=1.10

Index: glep-0059.html
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0059.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -p -w -b -B -u -u -r1.9 -r1.10
--- glep-0059.html	2 Feb 2010 05:49:27 -0000	1.9
+++ glep-0059.html	7 Feb 2010 10:39:52 -0000	1.10
@@ -27,9 +27,9 @@
 </tr>
 <tr class="field"><th class="field-name">Title:</th><td class="field-body">Manifest2 hash policies and security implications</td>
 </tr>
-<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.6</td>
+<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.7</td>
 </tr>
-<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0059.txt?cvsroot=gentoo">2010/01/31 09:55:43</a></td>
+<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0059.txt?cvsroot=gentoo">2010/02/02 05:49:27</a></td>
 </tr>
 <tr class="field"><th class="field-name">Author:</th><td class="field-body">Robin Hugh Johnson &lt;robbat2&#32;&#97;t&#32;gentoo.org&gt;,</td>
 </tr>
@@ -62,13 +62,17 @@
 <li><a class="reference internal" href="#how-fast-can-md5-be-broken" id="id5">How fast can MD5 be broken?</a></li>
 <li><a class="reference internal" href="#the-good-news" id="id6">The good news</a></li>
 <li><a class="reference internal" href="#what-should-be-done" id="id7">What should be done</a></li>
-<li><a class="reference internal" href="#checksum-depreciation-timing" id="id8">Checksum depreciation timing</a></li>
+<li><a class="reference internal" href="#checksum-depreciation-timing" id="id8">Checksum depreciation timing</a><ul>
+<li><a class="reference internal" href="#general-principles" id="id9">General principles:</a></li>
+<li><a class="reference internal" href="#immediate-plans" id="id10">Immediate plans:</a></li>
 </ul>
 </li>
-<li><a class="reference internal" href="#backwards-compatibility" id="id9">Backwards Compatibility</a></li>
-<li><a class="reference internal" href="#references" id="id10">References</a></li>
-<li><a class="reference internal" href="#thanks-to" id="id11">Thanks to</a></li>
-<li><a class="reference internal" href="#copyright" id="id12">Copyright</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#backwards-compatibility" id="id11">Backwards Compatibility</a></li>
+<li><a class="reference internal" href="#references" id="id12">References</a></li>
+<li><a class="reference internal" href="#thanks-to" id="id13">Thanks to</a></li>
+<li><a class="reference internal" href="#copyright" id="id14">Copyright</a></li>
 </ul>
 </div>
 <div class="section" id="abstract">
@@ -114,11 +118,13 @@ by Wang et al [W04], the time required t
 reduced. Originally at 1 hour on a near-supercomputer (IBM P690) and
 estimated at 64 hours with a Pentium-3 1.7Ghz. This has gone down to
 less than in two years, to 17 seconds [K06a].</p>
-<p>08/2004 - 1 hour, IBM pSeries 690 (32x 1.7Ghz POWER4+) = 54.4 GHz-Hours
-03/2005 - 8 hours, Pentium-M 1.6Ghz = 12.8 Ghz-Hours
-11/2005 - 5 hours, Pentium-4 1.7Ghz = 8.5 Ghz-Hours
-03/2006 - 1 minute, Pentium-4 3.2Ghz = .05 Ghz-Hours
-04/2006 - 17 seconds, Pentium-4 3.2Ghz = .01 Ghz-Hours</p>
+<ul class="simple">
+<li>08/2004 - 1 hour, IBM pSeries 690 (32x 1.7Ghz POWER4+) = 54.4 GHz-Hours</li>
+<li>03/2005 - 8 hours, Pentium-M 1.6Ghz = 12.8 Ghz-Hours</li>
+<li>11/2005 - 5 hours, Pentium-4 1.7Ghz = 8.5 Ghz-Hours</li>
+<li>03/2006 - 1 minute, Pentium-4 3.2Ghz = .05 Ghz-Hours</li>
+<li>04/2006 - 17 seconds, Pentium-4 3.2Ghz = .01 Ghz-Hours</li>
+</ul>
 <p>If we accept a factor of 800x as a sample of how much faster a checksum
 may be broken over the course of 2 years (MD5 using the above data is
 &gt;2000x), then existing checksums do not stand a significant chance of
@@ -149,9 +155,9 @@ keep a specific checksum, such as part o
 available in a Manifest2, starting with the strongest ones as maintained
 by a preference list. Over time, the weaker checksums should be removed
 from Manifest2 files, once all old Portage installations have had
-sufficient time to upgrade. We should be prepared to add stronger
-checksums wherever possible, and to remove those that have been
-defeated.</p>
+sufficient time to upgrade. Stronger checksums shall be added as soon as
+an implementation is available in Portage. Weak checksums may be removed
+as long as the depreciation process is followed (see below).</p>
 <p>As soon as feasible, we should add the SHA512 and WHIRLPOOL algorithms.
 In future, as stream-based checksums are developed (in response to the
 development by NIST [AHS]), they should be considered and used.</p>
@@ -166,20 +172,41 @@ no supported hashes are available for a 
 </div>
 <div class="section" id="checksum-depreciation-timing">
 <h2><a class="toc-backref" href="#id8">Checksum depreciation timing</a></h2>
+<div class="section" id="general-principles">
+<h3><a class="toc-backref" href="#id9">General principles:</a></h3>
+<p>A minimum set of depreciated checksums shall be maintained only to
+support old package manager versions where needed by historically used
+trees:</p>
+<ul class="simple">
+<li>New package manager versions should NOT use depreciated checksums in</li>
+<li>New trees with that have never used the depreciated checksums may omit
+them for reasons of size, but are still strongly suggested to include
+them.</li>
+<li>Removal of depreciated checksums shall happen after no less than 18
+months or one major Portage version cycle, whichever is greater.</li>
+</ul>
+</div>
+<div class="section" id="immediate-plans">
+<h3><a class="toc-backref" href="#id10">Immediate plans:</a></h3>
 <p>For the current Portage, both SHA1 and RIPEMD160 should be immediately
 removed, as they present no advantages over the already present SHA256.
 SHA256 cannot be replaced immediately with SHA512, as existing Portage
 versions need at least one supported algorithm present (SHA256 support
 was added in June 2006), so it must be retained for some while.</p>
-<p>Immediately:
-- Add WHIRLPOOL and SHA512.
-- Remove SHA1 and RIPEMD160.</p>
-<p>After the majority of Portage installations include SHA512 support:
-- Remove SHA256.</p>
+<p>Immediately:</p>
+<ul class="simple">
+<li>Add WHIRLPOOL and SHA512.</li>
+<li>Remove SHA1 and RIPEMD160.</li>
+</ul>
+<p>After the majority of Portage installations include SHA512 support:</p>
+<ul class="simple">
+<li>Remove SHA256.</li>
+</ul>
+</div>
 </div>
 </div>
 <div class="section" id="backwards-compatibility">
-<h1><a class="toc-backref" href="#id9">Backwards Compatibility</a></h1>
+<h1><a class="toc-backref" href="#id11">Backwards Compatibility</a></h1>
 <p>Old versions of Portage may support and expect only specific checksums.
 This is accounted for in the checksum depreciation discussion.</p>
 <p>For maximum compatiability, we should only have to include each of the
@@ -187,7 +214,7 @@ old algorithms that we are officially st
 new ones that we prefer.</p>
 </div>
 <div class="section" id="references">
-<h1><a class="toc-backref" href="#id10">References</a></h1>
+<h1><a class="toc-backref" href="#id12">References</a></h1>
 <dl class="docutils">
 <dt>[AHS] NIST (2007). &quot;NIST's Plan for New Cryptographic Hash Functions&quot;,</dt>
 <dd>(Advanced Hash Standard). <a class="reference external" href="http://csrc.nist.gov/pki/HashWorkshop/">http://csrc.nist.gov/pki/HashWorkshop/</a></dd>
@@ -225,7 +252,7 @@ version (August 17, 2004). Available onl
 </dl>
 </div>
 <div class="section" id="thanks-to">
-<h1><a class="toc-backref" href="#id11">Thanks to</a></h1>
+<h1><a class="toc-backref" href="#id13">Thanks to</a></h1>
 <dl class="docutils">
 <dt>I'd like to thank the following folks, in no specific order:</dt>
 <dd><ul class="first last simple">
@@ -239,7 +266,7 @@ codebase.</li>
 </dl>
 </div>
 <div class="section" id="copyright">
-<h1><a class="toc-backref" href="#id12">Copyright</a></h1>
+<h1><a class="toc-backref" href="#id14">Copyright</a></h1>
 <p>Copyright (c) 2006-2010 by Robin Hugh Johnson. This material may be
 distributed only subject to the terms and conditions set forth in the
 Open Publication License, v1.0.</p>
@@ -250,7 +277,7 @@ Open Publication License, v1.0.</p>
 <div class="footer">
 <hr class="footer" />
 <a class="reference external" href="glep-0059.txt">View document source</a>.
-Generated on: 2010-02-02 05:44 UTC.
+Generated on: 2010-02-07 10:37 UTC.
 Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source.
 
 </div>



1.8                  xml/htdocs/proj/en/glep/glep-0059.txt

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.txt?rev=1.8&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.txt?rev=1.8&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.txt?r1=1.7&r2=1.8

Index: glep-0059.txt
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0059.txt,v
retrieving revision 1.7
retrieving revision 1.8
diff -p -w -b -B -u -u -r1.7 -r1.8
--- glep-0059.txt	2 Feb 2010 05:49:27 -0000	1.7
+++ glep-0059.txt	7 Feb 2010 10:39:52 -0000	1.8
@@ -1,7 +1,7 @@
 GLEP: 59
 Title: Manifest2 hash policies and security implications
-Version: $Revision: 1.7 $
-Last-Modified: $Date: 2010/02/02 05:49:27 $
+Version: $Revision: 1.8 $
+Last-Modified: $Date: 2010/02/07 10:39:52 $
 Author: Robin Hugh Johnson <robbat2@gentoo.org>, 
 Status: Draft
 Type: Standards Track
@@ -58,11 +58,15 @@ reduced. Originally at 1 hour on a near-
 estimated at 64 hours with a Pentium-3 1.7Ghz. This has gone down to
 less than in two years, to 17 seconds [K06a].
 
-08/2004 - 1 hour, IBM pSeries 690 (32x 1.7Ghz POWER4+) = 54.4 GHz-Hours
-03/2005 - 8 hours, Pentium-M 1.6Ghz = 12.8 Ghz-Hours
-11/2005 - 5 hours, Pentium-4 1.7Ghz = 8.5 Ghz-Hours
-03/2006 - 1 minute, Pentium-4 3.2Ghz = .05 Ghz-Hours
-04/2006 - 17 seconds, Pentium-4 3.2Ghz = .01 Ghz-Hours
+- 08/2004 - 1 hour, IBM pSeries 690 (32x 1.7Ghz POWER4+) = 54.4 GHz-Hours
+
+- 03/2005 - 8 hours, Pentium-M 1.6Ghz = 12.8 Ghz-Hours
+
+- 11/2005 - 5 hours, Pentium-4 1.7Ghz = 8.5 Ghz-Hours
+
+- 03/2006 - 1 minute, Pentium-4 3.2Ghz = .05 Ghz-Hours
+
+- 04/2006 - 17 seconds, Pentium-4 3.2Ghz = .01 Ghz-Hours
 
 If we accept a factor of 800x as a sample of how much faster a checksum
 may be broken over the course of 2 years (MD5 using the above data is
@@ -96,9 +100,9 @@ Portage should always try to verify all 
 available in a Manifest2, starting with the strongest ones as maintained
 by a preference list. Over time, the weaker checksums should be removed
 from Manifest2 files, once all old Portage installations have had
-sufficient time to upgrade. We should be prepared to add stronger
-checksums wherever possible, and to remove those that have been
-defeated.
+sufficient time to upgrade. Stronger checksums shall be added as soon as
+an implementation is available in Portage. Weak checksums may be removed
+as long as the depreciation process is followed (see below).
 
 As soon as feasible, we should add the SHA512 and WHIRLPOOL algorithms.
 In future, as stream-based checksums are developed (in response to the
@@ -117,6 +121,23 @@ no supported hashes are available for a 
 
 Checksum depreciation timing
 ----------------------------
+General principles:
+~~~~~~~~~~~~~~~~~~~
+A minimum set of depreciated checksums shall be maintained only to
+support old package manager versions where needed by historically used
+trees:
+
+- New package manager versions should NOT use depreciated checksums in
+
+- New trees with that have never used the depreciated checksums may omit
+  them for reasons of size, but are still strongly suggested to include
+  them.
+
+- Removal of depreciated checksums shall happen after no less than 18
+  months or one major Portage version cycle, whichever is greater.
+
+Immediate plans:
+~~~~~~~~~~~~~~~~
 For the current Portage, both SHA1 and RIPEMD160 should be immediately
 removed, as they present no advantages over the already present SHA256.
 SHA256 cannot be replaced immediately with SHA512, as existing Portage