From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev+bounces-82492-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 5D15D1396D9
	for <garchives@archives.gentoo.org>; Tue, 24 Oct 2017 08:21:35 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id BF89A2BC07B;
	Tue, 24 Oct 2017 08:21:27 +0000 (UTC)
Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 5E7382BC007
	for <gentoo-dev@lists.gentoo.org>; Tue, 24 Oct 2017 08:21:27 +0000 (UTC)
Received: from phjr-macbookpro.local (unknown [188.121.0.11])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: phajdan.jr)
	by smtp.gentoo.org (Postfix) with ESMTPSA id A81E333C1EB
	for <gentoo-dev@lists.gentoo.org>; Tue, 24 Oct 2017 08:21:25 +0000 (UTC)
Subject: Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the
 tie-breaker case
To: gentoo-dev@lists.gentoo.org
References: <1508440120.19870.14.camel@gentoo.org>
 <CAAD4mYhkpzGKXxwZn-2arwj4NuU5U+fsWRkNw0uRRm6X_MKgfw@mail.gmail.com>
 <robbat2-20171023T075239-354218452Z@orbis-terrarum.net>
 <26AE424C-19DF-4059-A7DE-8ED6D605FF2C@gentoo.org>
 <robbat2-20171023T173046-121070171Z@orbis-terrarum.net>
 <1508817879.1688.6.camel@gentoo.org> <1508818272.1688.7.camel@gentoo.org>
From: =?UTF-8?Q?Pawe=c5=82_Hajdan=2c_Jr.?= <phajdan.jr@gentoo.org>
Message-ID: <18ecb9e4-a435-ce0b-6310-9f8896192e1c@gentoo.org>
Date: Tue, 24 Oct 2017 10:21:16 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0)
 Gecko/20100101 Thunderbird/52.4.0
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
In-Reply-To: <1508818272.1688.7.camel@gentoo.org>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="BX4u1K2jlijbMd8pLOv6kbbpoDRqJ313H"
X-Archives-Salt: 7f3a4078-1855-4df7-ad13-f16c1297c90f
X-Archives-Hash: 49fdccef6e6f09fd61883f9eb91aba56

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--BX4u1K2jlijbMd8pLOv6kbbpoDRqJ313H
Content-Type: multipart/mixed; boundary="Ri09GnqMXix5nSMG6mXpWnJiNlJnWsEJN";
 protected-headers="v1"
From: =?UTF-8?Q?Pawe=c5=82_Hajdan=2c_Jr.?= <phajdan.jr@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Message-ID: <18ecb9e4-a435-ce0b-6310-9f8896192e1c@gentoo.org>
Subject: Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the
 tie-breaker case
References: <1508440120.19870.14.camel@gentoo.org>
 <CAAD4mYhkpzGKXxwZn-2arwj4NuU5U+fsWRkNw0uRRm6X_MKgfw@mail.gmail.com>
 <robbat2-20171023T075239-354218452Z@orbis-terrarum.net>
 <26AE424C-19DF-4059-A7DE-8ED6D605FF2C@gentoo.org>
 <robbat2-20171023T173046-121070171Z@orbis-terrarum.net>
 <1508817879.1688.6.camel@gentoo.org> <1508818272.1688.7.camel@gentoo.org>
In-Reply-To: <1508818272.1688.7.camel@gentoo.org>

--Ri09GnqMXix5nSMG6mXpWnJiNlJnWsEJN
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

On 24/10/2017 06:11, Micha=C5=82 G=C3=B3rny wrote:
> W dniu wto, 24.10.2017 o godzinie 06=E2=88=B604=E2=80=89+0200, u=C5=BCy=
tkownik Micha=C5=82 G=C3=B3rny
> napisa=C5=82:
>> Three hashes don't give any noticeable advantage. If we want a diverse=

>> construct, we take SHA3. SHA3 is slower than SHA2 + BLAKE2 combined, s=
o
>> even with 3 threaded computation it's going to be slower.
>=20
> Oh, and most notably, the speed loss will be mostly visible to users.
> An attacker would have to compute the additional hashes only
> if the fastest hash already matched, i.e. rarely. Users will have to
> compute them all the time.

I'm surprised to see bikeshedding about this, where the performance
argument was shown to be speculative.

Consider clarifying what's the goal of this thread.

It seemed like a relatively obvious cleanup / modernizing the set of
hash functions, and I'd still be supportive of that.

Pawe=C5=82


--Ri09GnqMXix5nSMG6mXpWnJiNlJnWsEJN--

--BX4u1K2jlijbMd8pLOv6kbbpoDRqJ313H
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2

iQIcBAEBCgAGBQJZ7vgBAAoJEOOGGXc/wLdaMikP/15FFJFyGx7JEYSuAUl6bCEH
C/RCZrzKVKqF2+l7K4WfqY+eFkOKtlttmQaqivPkeKIyrN1f0dSkIoeDB2LvcO95
UlwcGujxfWjnb1SIA7pdKaqkXwnFKydM+iyT+8hOM4fjIJOEVyFtM5dGaQ08b9Hy
lPOwUzn5/ctORjLf1cTaGmv/QUMT1ZbiZwrXBcX7FfMKROYG9PuGsUfqeaVTaNup
jF3t5R/Cd98b9+5C7lUhVDKKZkhaVlrKacL8lRWyOjJxh4dk3YtmFecIW9DEiUcl
xeNyaXT8IZ7kfcKQEKwnXQoVXBcBlYLIPGY1A4hscm79071Bnzk0uz3trqUVVGVU
1TACYEvU3gtK14ykPJDYQj9ubAil48IbR/3shCNF8soh3DtrfCcGW1GITCTwqqe3
AP1ZepZwT0UE3AQ/bmJIRIq5l2LHFoEP0uUlMziEbVr1uoWu3udoRR9Ir148eXWN
xt3CUSamAfP/VMiSB0MkodPFnjhwa0SkifJoBUrwGW9QmLYY8AlIXd4bTAxDr9LP
lL/jU4YeKwwbGp4R/xcv7AfPXmW65sdkc0pPVeUWZou31zL+8CJwNXzw1Jgp/6AL
9nTuP6YjxVra+UalzxHhXppTYXA3Xp/X2xPsehCR+q3u8viHn9rd3rwrMa2EK8Cf
O3zPC4IuXFc9P6JCST1x
=jopA
-----END PGP SIGNATURE-----

--BX4u1K2jlijbMd8pLOv6kbbpoDRqJ313H--