From mboxrd@z Thu Jan  1 00:00:00 1970
Subject: Re: [gentoo-dev] [RFC] DIGESTS metadata variable for cache
 validation
From: Tiziano Müller <dev-zero@gentoo.org>
To: gentoo-dev@lists.gentoo.org
In-Reply-To: <498E17E6.8060407@gentoo.org>
References: <498758E6.5080609@gentoo.org>
	 <1234045916.24784.1373.camel@localhost>  <498E17E6.8060407@gentoo.org>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-tNG7y2Vrv43Vjvn7TvLd"
Organization: Gentoo
Date: Sun, 08 Feb 2009 09:07:44 +0100
Message-Id: <1234080464.24784.2517.camel@localhost>
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
Mime-Version: 1.0
X-Mailer: Evolution 2.24.4 


--=-tNG7y2Vrv43Vjvn7TvLd
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Saturday, 07.02.2009, at 15:23 -0800, Zac Medico wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Tiziano Müller wrote:
> > On Monday, 02.02.2009, at 12:34 -0800, Zac Medico wrote:
> >> For the digest format, I suggest that we use the leftmost 10
> >> hexadecimal digits of the SHA-1 digest. The rationale for limiting
> >> it to 10 digits (out of 40) is to save space. Due to the avalanche
> >> effect [2], 10 digits should be sufficient to ensure that problems
> >> resulting from hash collisions are extremely unlikely.
> > I'd recommend to prefix the digest with a "{TYPE}" (like for hashed
> > passwords) to be able to change the digest algorithm as needed
> > (especially in regards to the current SHA successor competition).
> > This allows a future package manager which might use SHA-3 for hashing
> > (once it's released) to still check old digests. Furthermore it would
> > allow for easier transition and only needs a definition of allowed
> > hashes instead of a specific one.
>
> I like that idea. That way it's not necessary to bump the EAPI in
> order to change the hash function. So, a typical DIGESTS value might
> look like this:
>
> SHA1 02021be38b a28b191904 3992945426 6ec21b29a3

Sleeping over it again, I don't think that truncating a hash is a good
idea (truncating it from 40 to 10 digits makes the possibility of
collisions much, much higher).
But if you want to go this way, I'd say you should use something like
SHA1t (t for truncated) to make sure we can use full hashes once we feel
it's appropriate.

-- 
-------------------------------------------------------
Tiziano Müller
Gentoo Linux Developer, Council Member
Areas of responsibility:
  Samba, PostgreSQL, CPP, Python, sysadmin
E-Mail     : dev-zero@gentoo.org
GnuPG FP   : F327 283A E769 2E36 18D5  4DE2 1B05 6A63 AE9C 1E30

--=-tNG7y2Vrv43Vjvn7TvLd--
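The type-tagged DIGESTS value discussed in this thread, together with the birthday bound behind the truncation concern, as an added example that is not part of the original message or of any package manager's code. The tag registry is an assumption: "SHA1t" (10 hex digits) follows the naming suggested above, while the full-length "SHA1" and "SHA256" entries and all function names are hypothetical.

```python
import hashlib
import math

# Hypothetical registry: tag -> (hashlib name, hex digits kept; None = full digest).
# "SHA1t" with 10 digits follows the thread; the other entries are assumptions.
ALGORITHMS = {
    "SHA1t": ("sha1", 10),
    "SHA1": ("sha1", None),
    "SHA256": ("sha256", None),
}


def make_digests(tag, blobs):
    """Build a DIGESTS value: the type tag followed by one digest per input."""
    name, keep = ALGORITHMS[tag]
    return " ".join([tag] + [hashlib.new(name, b).hexdigest()[:keep] for b in blobs])


def check_digests(value, blobs):
    """Return True only if the tag is known and every digest matches, in order."""
    parts = value.split()
    if not parts or parts[0] not in ALGORITHMS or len(parts) - 1 != len(blobs):
        return False  # empty value, unknown algorithm or wrong count: cache is stale
    return make_digests(parts[0], blobs) == " ".join(parts)


def collision_probability(hex_digits, n_items):
    """Birthday bound: chance that any two of n_items share a digest of this length."""
    space = 16 ** hex_digits
    return -math.expm1(-n_items * (n_items - 1) / (2 * space))


if __name__ == "__main__":
    # Constructed sample inputs standing in for the files a cache entry depends on.
    files = [b"ebuild contents", b"eclass contents"]
    value = make_digests("SHA1t", files)
    print(value, check_digests(value, files))
    print(check_digests(value, [b"ebuild contents (edited)", files[1]]))
    for digits in (10, 40):
        print(digits, "hex digits, 30000 items:", collision_probability(digits, 30000))
```

The bound covers accidental collisions among unrelated inputs only; it says nothing about inputs crafted to collide.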