Date: Mon, 23 Oct 2017 13:33:15 +0200
From: Michał Górny
To: gentoo-dev@lists.gentoo.org, "Robin H. Johnson"
Subject: Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case
References: <1508440120.19870.14.camel@gentoo.org>
Message-ID: <26AE424C-19DF-4059-A7DE-8ED6D605FF2C@gentoo.org>

On 23 October 2017 10:16:38 CEST, "Robin H. Johnson" wrote:
>On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote:
>> In general I do not mind updating the algorithms used, but I do feel
>> it is important to keep at least three present. Without at least three
>> (or a larger odd number) it is not possible to break a tie.
>>
>> That may ultimately be beside the point, as any invalid hashes should
>> result in the user contacting the developers or doing something else,
>> but it is hard to know.
>I'm dropping the rest of your email about exactly which hashes
>we're bike-shedding, to focus on the number of hashes.
>
>I agree with your opinion to have three hashes present, and I've give a
>solid rationale with historical references.
>
>The major reason to have 3 hashes, is as a tie-breaker, to detect if
>there was a bug in the hash somehow (implementation, compiler/assembler,
>interpreter), and not the distfile. This also strongly suggests that 3
>hashes should have different construction.

1. How are you planning to distinguish a successful attack against two hashes from a bug in one of them?

2. Even if you do, what's the value of knowing that?

>
>It's come up enough times in Gentoo history already. Here's 3 of the
>instances that came to mind and I could link up with bugs easily. I also
>recall an instance where the entire SHA2 family was bitten by a buggy
>arch-specific (mips? arm?) GCC patch, but I can't the bug for it.
>
>2006: https://bugs.gentoo.org/121182
>pycrypto RMD160 on ia64 (and many other 64bit arches)
>(it also had a big cleanup for the tree as a result:
>https://bugs.gentoo.org/121124)
>
>2009: https://bugs.gentoo.org/255131
>app-crypt/mhash-0.9.9 segfaults with NULL digest in whirlpool/snefru
>(portage uses python-mhash bindings)

How is this one relevant? AFAICS it did not cause wrong result.

>
>2012: https://bugs.gentoo.org/406407
>sys-apps/portage-2.1.10.49: internal version of whirlpool algorithm
>generates wrong hash
>
>Since we're going to much newer hashes, I think there is a non-zero
>chance we WILL hit errors in the hashes again, and it would be wise to
>cover the bases.
>
>This ends up probably looking like: SHA512, BLAKE2B, SHA3_512

-- 
Best regards,
Michał Górny (by phone)
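
Added example, not part of the original message and not Portage code: a sketch of what a verifier can observe when a distfile is checked against the three hashes named in the thread (SHA512, BLAKE2B, SHA3_512). The function names, the verdict strings, the sample DIST entry and the simulated broken SHA3 implementation are all constructed for illustration.

```python
import hashlib

# Hash names proposed in the thread, mapped to hashlib constructors.
HASHES = {"SHA512": hashlib.sha512, "BLAKE2B": hashlib.blake2b,
          "SHA3_512": hashlib.sha3_512}

def make_dist_entry(name, data):
    """Build a Manifest2-style DIST line for constructed sample data."""
    fields = ["DIST", name, str(len(data))]
    for hname, ctor in HASHES.items():
        fields += [hname, ctor(data).hexdigest()]
    return " ".join(fields)

def parse_dist_entry(line):
    """Return (name, size, {hash_name: hex_digest}) from a DIST line."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "DIST" or len(parts) % 2 != 1:
        raise ValueError("malformed DIST entry")
    return parts[1], int(parts[2]), dict(zip(parts[3::2], parts[4::2]))

def verify(line, data, impls=HASHES):
    """Check every recorded hash; return (verdict, {hash_name: matched})."""
    _, size, recorded = parse_dist_entry(line)
    results = {h: impls[h](data).hexdigest() == d for h, d in recorded.items()}
    if len(data) == size and all(results.values()):
        return "ok", results
    if not any(results.values()):
        return "distfile-mismatch", results
    # Partial agreement: the verifier sees the same result whether one
    # implementation is buggy or the agreeing hashes were defeated, so the
    # caller should treat it as a failure (assumption of this example,
    # not Portage policy).
    return "ambiguous", results

if __name__ == "__main__":
    data = b"constructed distfile contents"
    entry = make_dist_entry("example-1.0.tar.gz", data)
    # Constructed stand-in for a miscompiled SHA3 implementation.
    buggy = dict(HASHES, SHA3_512=lambda d: hashlib.sha3_512(d + b"\x00"))
    print(verify(entry, data))
    print(verify(entry, b"different contents"))
    print(verify(entry, data, buggy))
```

The per-hash result map is the only evidence available at verification time; which cause lies behind an "ambiguous" verdict has to be established out of band, for example by re-hashing with an independent implementation.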