From: Michał Górny
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Manifest2 hashes, take n+1-th
Date: Sat, 21 Oct 2017 01:39:55 +0200
Message-ID: <1508542795.6784.4.camel@gentoo.org>

On Fri, 20.10.2017 at 18:42 -0400, Anton Molyboha wrote:
> On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey wrote:
>
> > On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote:
> >
> > > On Thu, 19 Oct 2017 21:08:40 +0200
> > > Michał Górny wrote:
> > >
> > > > manifest-hashes = SHA512 SHA3_512
> > >
> > > Counterproposal: Just use SHA512.
> > >
> > > There isn't any evidence that any SHA2-based hash algorithm is going to
> > > be broken any time soon. If that changes there will very likely be
> > > decades of warning before a break becomes practical.
> > >
> > > Having just one hash is simpler and using a well supported one like
> > > SHA512 may make things easier than using something that's still not
> > > very widely supported.
> > >
> >
> > Yet having more than one lets you make sure nobody hijacked your
> > manifest file when an attack vector is inevitably discovered for the old
> > new algorithm (whether SHA2, SHA3, or BLAKE2), because you'll be able to
> > confirm the file is the same one that matched the old checksum in addition
> > to the new one.
> >
>
> Would it make sense then to support several hashes but let the user
> optionally turn off the verification of some of them, depending on the
> user's security vs performance requirements?
>

I won't block anyone from implementing such an option but I won't spend
my time on it either. However, if you believe verifying two checksums
could be a problem, then I have serious doubts if your hardware is capable
of building anything.

-- 
Best regards,
Michał Górny
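
The trade-off discussed in this thread, as an added example that is not part of the original message and is not Portage code: one read pass over a distfile feeds both hashes from `manifest-hashes = SHA512 SHA3_512`, with an optional skip set like the one Anton asks about. The `DIST <name> <size> <HASH> <hex> ...` entry layout is assumed from the Manifest2 format, the function names and the `skip` parameter are hypothetical, and the sample distfile is constructed.

```python
import hashlib
import io

# Manifest hash names (as on the page) mapped to hashlib constructors.
HASHERS = {"SHA512": hashlib.sha512, "SHA3_512": hashlib.sha3_512}


def parse_dist_line(line):
    """Parse 'DIST <name> <size> <HASH> <hex> [<HASH> <hex> ...]' (assumed layout)."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "DIST" or len(fields) % 2 == 0:
        raise ValueError("malformed DIST entry")
    pairs = fields[3:]
    return fields[1], int(fields[2]), dict(zip(pairs[0::2], pairs[1::2]))


def verify(stream, size, expected, skip=frozenset()):
    """Check size and every non-skipped hash in one read pass.

    Returns {hash name: bool}. Fails closed: skipping every hash or
    meeting a hash this verifier does not implement raises ValueError.
    """
    wanted = [name for name in expected if name not in skip]
    if not wanted:
        raise ValueError("at least one hash must be verified")
    if any(name not in HASHERS for name in wanted):
        raise ValueError("unsupported hash in manifest entry")
    active = {name: HASHERS[name]() for name in wanted}
    total = 0
    for chunk in iter(lambda: stream.read(65536), b""):
        total += len(chunk)
        for hasher in active.values():  # the same chunk feeds every hash
            hasher.update(chunk)
    size_ok = total == size
    return {n: size_ok and h.hexdigest() == expected[n].lower()
            for n, h in active.items()}


def demo():
    data = b"constructed sample distfile contents\n"  # constructed input
    line = "DIST sample-1.0.tar.gz %d SHA512 %s SHA3_512 %s" % (
        len(data), hashlib.sha512(data).hexdigest(),
        hashlib.sha3_512(data).hexdigest())
    _name, size, expected = parse_dist_line(line)
    full = verify(io.BytesIO(data), size, expected)
    fast = verify(io.BytesIO(data), size, expected, skip={"SHA3_512"})
    tampered = verify(io.BytesIO(data[:-1] + b"!"), size, expected)
    return full, fast, tampered


if __name__ == "__main__":
    print(demo())
```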