From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 5046F1396D9 for ; Fri, 20 Oct 2017 15:42:33 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8524C2BC021; Fri, 20 Oct 2017 15:42:28 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 399EB2BC013 for ; Fri, 20 Oct 2017 15:42:27 +0000 (UTC) Received: from phjr-macbookpro.local (apn-95-40-76-185.dynamic.gprs.plus.pl [95.40.76.185]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: phajdan.jr) by smtp.gentoo.org (Postfix) with ESMTPSA id 898C433BF43 for ; Fri, 20 Oct 2017 15:42:25 +0000 (UTC) Subject: Re: [gentoo-dev] Manifest2 hashes, take n+1-th To: gentoo-dev@lists.gentoo.org References: <1508440120.19870.14.camel@gentoo.org> From: =?UTF-8?Q?Pawe=c5=82_Hajdan=2c_Jr.?= Message-ID: <0077e13e-e525-4e0e-5a43-6b05cefa221a@gentoo.org> Date: Fri, 20 Oct 2017 17:42:16 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <1508440120.19870.14.camel@gentoo.org> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="0kdnlAnddpilu7wRSK09Wxa6EndvXnlVc" X-Archives-Salt: 23148856-179f-4200-ac9d-66add1192ac4 X-Archives-Hash: a664683284f18d7e0cb33298e838507a This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --0kdnlAnddpilu7wRSK09Wxa6EndvXnlVc Content-Type: multipart/mixed; boundary="FJKahbcrXdXBMKtUlcwWKVKThrkJT5KHc"; protected-headers="v1" From: =?UTF-8?Q?Pawe=c5=82_Hajdan=2c_Jr.?= To: gentoo-dev@lists.gentoo.org Message-ID: <0077e13e-e525-4e0e-5a43-6b05cefa221a@gentoo.org> Subject: Re: [gentoo-dev] Manifest2 hashes, take n+1-th References: <1508440120.19870.14.camel@gentoo.org> In-Reply-To: <1508440120.19870.14.camel@gentoo.org> --FJKahbcrXdXBMKtUlcwWKVKThrkJT5KHc Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 19/10/2017 21:08, Micha=C5=82 G=C3=B3rny wrote: > Considering all arguments made so far, I'd like to propose changing: > manifest-hashes =3D SHA256 SHA512 WHIRLPOOL > to: > manifest-hashes =3D SHA512 SHA3_512 +1, fine for me > 1. The main argument for using multiple hashes is to prevent the (very > unlikely) possibility that if a weakness is discovered in one of > the hashes, the other would still hold. This is given by using two > algorithms; more than two do not increase security significantly, while= > they do increase performance cost. Curious, do we have any measurements/estimates of the performance cost? Pawe=C5=82 --FJKahbcrXdXBMKtUlcwWKVKThrkJT5KHc-- --0kdnlAnddpilu7wRSK09Wxa6EndvXnlVc Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 iQIcBAEBCgAGBQJZ6hldAAoJEOOGGXc/wLda+VUP/jRHp2wL9RYgnIGRdR+123Fn fqAJo98H1fVU0/igGPHEl96pQWxTJSysuC47z+sdP0IK8Ruwr6XR0v0KxaXjV10w RPu59YRH4529VjMF7J4wIseZHba5MCr1ds6KC1luLdPzzoKFOpHQfmiaO9mMUsw6 bJAeFI3n8Qk/Vnm4jsLdMcYMiKmc6pR3tqinXPL5dFYPTvQ8/Wk6cXr9hQUOwOf6 QuYLFPstV1Kdew3AOF5zs9Ft2VODBto7EE55bPMgCwxAD74EgicEtCBLCvbaM+rN SC5+VsZIK1g382cmob2cCX8PswyYNJ3uIPVc5VQNjBfBIaOYkpPz1JqtZwPr7TeZ 5RlDeVcgugMjwgmJI6Nnzka9EhP8KAlfa50f5dxKmpq9/o1k3mEaxZMXhaUsAfwB WHrY2FY1tMoNpQjinmP1hBmOYL+S8ACkPRbstNCe4Lb3ZieCXnvGQwBzrEImn0+F IZKVcfT1EO7fPMcOzM/xr/pC7vNtz99mLSQ5jGE8b+4wJYuArfWep2GmuZ3JPonZ JuKs6sL9u0WQxHiV8usfKViuBFopkYg/ZRmTj/DH99VF6QzkDpl6//hLHvj7+Vdk 1IfSLoHaD7aqvaRwbPW9rtbApvWWYcyHxwdO5lhIDK8UkiAJ924rFFLMXL1TZaX5 iTckUb57HEAPmYDS1cc9 =L69T -----END PGP SIGNATURE----- --0kdnlAnddpilu7wRSK09Wxa6EndvXnlVc--