From: "Hanno Böck" <hanno@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Manifest2 hashes, take n+1-th: one hash to decide them all
Date: Wed, 25 Oct 2017 14:32:04 +0200 [thread overview]
Message-ID: <20171025143204.0ebe00b4@pc1> (raw)
In-Reply-To: <robbat2-20171025T022621-792659468Z@orbis-terrarum.net>
[-- Attachment #1: Type: text/plain, Size: 2271 bytes --]
Hi,
On Wed, 25 Oct 2017 02:40:58 +0000
"Robin H. Johnson" <robbat2@gentoo.org> wrote:
> At that point, and this is a serious proposal:
> The package manager shall decide which hashes to check, but is
> required to check at least one hash. The choice may be 'fastest',
> 'most secure', or any local factor.
Sorry to contribute again to the bikeshedding, but I'd really like to
get one thought across here:
Good security includes reducing complexity. Tough (as evident by this
thread) it's a thought many people find hard to accept.
I don't think this is most important in this discussion, but I feel
it's something people should keep in mind also for other decisions to
be made.
This thread is going into a completely different direction and I find
that worriesome. We have two non-problems ("what if secure hash X gets
broken?" and "what if it's too slow? I haven't benchmarked, but what if
it's too slow??") and people proposing increasingly complex solutions.
If you do what you propose my worries aren't that any hash gets broken
or that it's too slow. It's that some bug will chime in where in some
situation no hash gets checked whatsoever.
Having more than one hash is already unneeded complexity. Nobody does
that. TLS signatures use one hash. GPG signatures uses one hash. Signal
uses one hash. I'm not aware of any credible cryptographic product that
feels the need to have multiple hashes concatenated. (The only real
example I'm aware of is old TLS versions who chose to concat two
insecure hashes - MD5+sha1 - which obviously wasn't the smartest idea
either, but one can credibly say they didn't know better back then.)
Having a situation where one can either check one hash or multiple and
add configurability around that is another step of adding unneeded
complexity.
Also one more comment about the issue with potentially buggy Hash
implementations: I feel this is a software testing problem rather than
anything that should influence our package manager format or be tested
at runtime. Add a self-test of hash functions with a large batch of
test vectors that you can easily run.
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2017-10-25 12:32 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-19 19:08 [gentoo-dev] Manifest2 hashes, take n+1-th Michał Górny
2017-10-19 21:00 ` Michał Górny
2017-10-19 22:20 ` Francesco Riosa
2017-10-20 23:38 ` Michał Górny
2017-10-21 1:21 ` R0b0t1
2017-10-19 22:32 ` Hanno Böck
2017-10-19 22:49 ` Gordon Pettey
2017-10-20 9:10 ` Dirkjan Ochtman
2017-10-20 9:23 ` Ulrich Mueller
2017-10-20 9:31 ` Dirkjan Ochtman
2017-10-20 12:55 ` Hanno Böck
2017-10-20 13:04 ` Kristian Fiskerstrand
2017-10-20 13:32 ` Rich Freeman
2017-10-21 1:23 ` R0b0t1
2017-10-20 22:42 ` Anton Molyboha
2017-10-20 23:03 ` Gordon Pettey
2017-10-20 23:39 ` Michał Górny
2017-10-21 2:56 ` [gentoo-dev] " Duncan
2017-10-20 13:05 ` [gentoo-dev] " Michael Orlitzky
2017-10-20 13:26 ` Kristian Fiskerstrand
2017-10-20 15:42 ` Paweł Hajdan, Jr.
2017-10-20 16:15 ` Michał Górny
2017-10-21 8:01 ` Paweł Hajdan, Jr.
2017-10-21 8:20 ` Michał Górny
2017-10-20 22:21 ` R0b0t1
2017-10-21 16:26 ` Robin H. Johnson
2017-10-21 17:12 ` R0b0t1
2017-10-21 17:37 ` R0b0t1
2017-10-21 17:50 ` Hanno Böck
2017-10-21 20:11 ` [gentoo-dev] " Duncan
2017-11-08 18:57 ` R0b0t1
2017-11-08 20:01 ` Jonas Stein
2017-11-08 23:45 ` [gentoo-dev] " R0b0t1
2017-11-15 21:02 ` [gentoo-dev] Manifest2 hashes: validation of single hash per MANIFESTx_REQUIRED_HASH Robin H. Johnson
2017-11-21 3:00 ` R0b0t1
2017-11-21 3:15 ` R0b0t1
2017-11-21 4:19 ` Matt Turner
2017-11-21 4:28 ` R0b0t1
2017-11-08 19:01 ` [gentoo-dev] Manifest2 hashes, take n+1-th R0b0t1
2017-10-23 8:16 ` [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case Robin H. Johnson
2017-10-23 11:33 ` Michał Górny
2017-10-23 21:00 ` Robin H. Johnson
2017-10-24 4:04 ` Michał Górny
2017-10-24 4:11 ` Michał Górny
2017-10-24 8:21 ` Paweł Hajdan, Jr.
2017-10-24 12:01 ` Rich Freeman
2017-10-24 11:56 ` Chí-Thanh Christopher Nguyễn
2017-10-24 13:25 ` Michał Górny
2017-10-24 21:33 ` Allan Wegan
2017-10-25 2:40 ` [gentoo-dev] Manifest2 hashes, take n+1-th: one hash to decide them all Robin H. Johnson
2017-10-25 12:32 ` Hanno Böck [this message]
2017-10-25 17:43 ` Paweł Hajdan, Jr.
2017-10-28 4:54 ` R0b0t1
2017-11-13 2:22 ` [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case Joshua Kinard
2017-11-13 3:48 ` Gordon Pettey
2017-11-13 4:28 ` Joshua Kinard
2017-11-13 7:37 ` Michał Górny
2017-10-21 2:01 ` [gentoo-dev] Manifest2 hashes, take n+1-th Jason A. Donenfeld
2017-10-21 7:09 ` Michał Górny
2017-10-21 2:08 ` Chí-Thanh Christopher Nguyễn
2017-10-21 7:09 ` Michał Górny
2017-11-06 16:58 ` Michał Górny
2017-11-06 19:13 ` Robin H. Johnson
2017-11-06 19:25 ` Mike Gilbert
2017-11-06 19:36 ` Michał Górny
-- strict thread matches above, loose matches on Subject: below --
2017-11-15 16:28 [gentoo-dev] manifest-hashes changing to 'BLAKE2B SHA512' on 2017-11-21 Michał Górny
2017-11-15 17:47 ` R0b0t1
2017-11-15 19:21 ` NP-Hardass
2017-11-15 20:21 ` William L. Thomson Jr.
2017-11-15 21:15 ` Rich Freeman
2017-11-15 22:10 ` William L. Thomson Jr.
[not found] ` <20171115171011.07ffd30a@wlt.obsidian-studios.com>
2017-11-15 22:19 ` William L. Thomson Jr.
2017-11-15 20:14 ` William L. Thomson Jr.
2017-11-15 19:25 ` Nils Freydank
2017-11-15 22:56 ` Michał Górny
2017-11-21 18:21 ` Michał Górny
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171025143204.0ebe00b4@pc1 \
--to=hanno@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox