From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id D23A51396D9 for ; Fri, 20 Oct 2017 12:55:55 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 89755E0E20; Fri, 20 Oct 2017 12:55:48 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 29FB9E0DC8 for ; Fri, 20 Oct 2017 12:55:48 +0000 (UTC) Received: from pc1 (unknown [IPv6:2001:2012:127:3e00:b3bf:56a1:a140:6086]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: hanno) by smtp.gentoo.org (Postfix) with ESMTPSA id 55BA733BE2E for ; Fri, 20 Oct 2017 12:55:46 +0000 (UTC) Date: Fri, 20 Oct 2017 14:55:41 +0200 From: Hanno =?UTF-8?B?QsO2Y2s=?= To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Manifest2 hashes, take n+1-th Message-ID: <20171020145541.20ff92da@pc1> In-Reply-To: <23017.49274.836794.894102@a1i15.kph.uni-mainz.de> References: <1508440120.19870.14.camel@gentoo.org> <20171020003258.7ad4695b@pc1> <23017.49274.836794.894102@a1i15.kph.uni-mainz.de> X-Mailer: Claws Mail 3.15.1-dirty (GTK+ 2.24.31; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/TZWlXfMJ=UE0JRnV_PVtNQD"; protocol="application/pgp-signature" X-Archives-Salt: 945f6d24-a857-4e44-9226-d3affe69ab3f X-Archives-Hash: 64d48f17f38198f6584e00cdd70e7101 --Sig_/TZWlXfMJ=UE0JRnV_PVtNQD Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Fri, 20 Oct 2017 11:23:06 +0200 Ulrich Mueller wrote: > >>>>> On Fri, 20 Oct 2017, Dirkjan Ochtman wrote: =20 >=20 > > As Hanno was saying, we'll have decades of warning before a break > > becomes practical, so I don't think this is a real concern. =20 >=20 > How can we be sure of that? I guess the same reasoning was applied > when MD5 and SHA1 hashes were used. MD5 warning 1996: ftp://ftp.iks-jena.de/mitarb/lutz/crypt/hash/dobbertin.ps MD5 broken 2005: http://merlot.usc.edu/csac-f06/papers/Wang05a.pdf SHA1 warning 2005: https://people.csail.mit.edu/yiqun/SHA1AttackProceedingVersion.pdf SHA1 broken 2017: https://shattered.io/ It's reasonable to assume that modern hash functions will have a far longer warning period. For two reasons: * their safety margin is much higher to begin with, particularly if you choose something like SHA512 (256 bit collission resistance). It was more or less always clear that MD5 (64 bit) and SHA1 (80 bit) are in risky terrain even without any cryptographic breakthrough. * hash function research in 2017 is lightyears ahead of hash function research in the 90s and early 2000s. One major outcome of the research after the big hash breakdown in 2005 was that SHA-2 is much safer than people previously thought. I don' have a very strong opinion on this. Having two hash functions probably won't harm. Though I tend to prefer the simplest solutions if it's secure. And all my cryptographic knowledge tells me that "What if sha512 is broken?" isn't a realistic problem to be concerned about. I do feel it's a bit ironic that we have these lengthy discussions about hash functions while at the same time they provide little security to begin with, because they aren't transmitted over a secure channel and not signed... --=20 Hanno B=C3=B6ck https://hboeck.de/ mail/jabber: hanno@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 --Sig_/TZWlXfMJ=UE0JRnV_PVtNQD Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE/nN1f6YOTiG5N1efpYgAcru1HkIFAlnp8k0ACgkQpYgAcru1 HkJ6IQ//cdAj3rup7z+QcGk4tkOYODgLuz16eHBYnRZA0NqHXSqKrS5akw8L5xdl vOhjwgNmG1bTCCnQQJ0otW60kTx7p0vpvSCCCLzuC8x/6CU+dRKT8Hbs5j/5JQwR 8BuFbN9RC2rw6tO8tJ73jO88yo/eOPOyiVFyMWAM+BKqeaVyduR/N/6Nmun0GMVb imYGU/2emO9Ax2HKP8sfBvwGbCMUOGG/lPVMTZqgmqstkfNBC8wSZw0fmSlERnEn 82D+KFo+AnSulLCFpzU99bpkzbVuS4SAcpfQWuqEbILQjQNfplv37gMXCNa8qam9 xNABuBrn5lyCMgAqZRmMmbcYwWwAFkNqUl/bnBQMzP4oV9rLB1HY3Lo4fbCKw/bu t+VP9fSNdsinU+ZxIyNVylesHmF99yOtOQj4lz6Hf7BxXl/0PNfelhXhGYwPE9kU cM15iG7yCLu1OrrO8eEI066tJw9N8LtGjU4ePecqNzXb61W8bUCCOL2SWL/CGeqU JXN5YfTJTx/AFdpHq5vEiCxsKUARLTSoUjTaIO4MkXL+ySbipkpmGQ+jvxyj1EUW lDBEmRb1hVyYsbLISJpCZvWhVQyn/ZQvR8+q+qADLi8CPyab0oe++R7Cx4POiP4d fbJjwhINUrRDYPK74CmsYGnXtgA9iLFVTHX0ifaowZ/jpd4oUMQ= =GfcX -----END PGP SIGNATURE----- --Sig_/TZWlXfMJ=UE0JRnV_PVtNQD--