From: Anton Molyboha
Date: Fri, 20 Oct 2017 18:42:55 -0400
Subject: Re: [gentoo-dev] Manifest2 hashes, take n+1-th
To: gentoo-dev@lists.gentoo.org
List-Id: Gentoo Linux mail
References: <1508440120.19870.14.camel@gentoo.org> <20171020003258.7ad4695b@pc1>

On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey wrote:

> On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote:
>
>> On Thu, 19 Oct 2017 21:08:40 +0200
>> Michał Górny wrote:
>>
>> > manifest-hashes = SHA512 SHA3_512
>>
>> Counterproposal: Just use SHA512.
>>
>> There isn't any evidence that any SHA2-based hash algorithm is going to
>> be broken any time soon. If that changes there will very likely be
>> decades of warning before a break becomes practical.
>>
>> Having just one hash is simpler and using a well supported one like
>> SHA512 may make things easier than using something that's still not
>> very widely supported.
>
> Yet having more than one lets you make sure nobody hijacked your
> manifest file when an attack vector is inevitably discovered for the old
> new algorithm (whether SHA2, SHA3, or BLAKE2), because you'll be able to
> confirm the file is the same one that matched the old checksum in addition
> to the new one.

Would it make sense then to support several hashes but let the user
optionally turn off the verification of some of them, depending on the
user's security vs performance requirements?

-- 
Anton


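The option raised in the message above, sketched as an added example (not code from the thread or from Portage): a Manifest `DIST` entry records both SHA512 and SHA3_512, and the caller chooses which of them to verify. The function names, the sample file name and the sample bytes are assumptions made for illustration; the check fails closed when the selection is empty or names a hash the entry does not record.

```python
import hashlib

# Manifest hash names (from the thread) mapped to hashlib constructors.
HASHLIB_NAMES = {"SHA512": "sha512", "SHA3_512": "sha3_512"}


def make_dist_entry(filename, data, hashes=("SHA512", "SHA3_512")):
    """Build a 'DIST <name> <size> <HASH> <hex> ...' line for constructed data."""
    fields = ["DIST", filename, str(len(data))]
    for name in hashes:
        fields += [name, hashlib.new(HASHLIB_NAMES[name], data).hexdigest()]
    return " ".join(fields)


def parse_dist_entry(line):
    """Return (filename, size, {hash_name: hexdigest}) from a DIST line."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "DIST" or len(fields) % 2 != 1:
        raise ValueError("malformed DIST entry")
    return fields[1], int(fields[2]), dict(zip(fields[3::2], fields[4::2]))


def verify(data, line, enabled):
    """Check data against the entry using only the hashes in `enabled`.

    Fails closed: an enabled hash missing from the entry, or an empty
    selection, is an error rather than a silent pass.
    """
    _, size, recorded = parse_dist_entry(line)
    if not enabled:
        raise ValueError("refusing to verify with no hashes enabled")
    missing = [h for h in enabled if h not in recorded]
    if missing:
        raise ValueError(f"entry lacks enabled hashes: {missing}")
    if len(data) != size:
        return False
    return all(
        hashlib.new(HASHLIB_NAMES[h], data).hexdigest() == recorded[h]
        for h in enabled
    )


# Constructed sample input, not a real distfile.
SAMPLE = b"constructed tarball bytes\n"
ENTRY = make_dist_entry("example-1.0.tar.gz", SAMPLE)
```

Verifying with `["SHA512"]` alone trades the second, independent check for speed, which is the security versus performance choice the question describes.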