From: R0b0t1
Date: Sat, 21 Oct 2017 12:12:44 -0500
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Manifest2 hashes, take n+1-th
In-Reply-To:
References: <1508440120.19870.14.camel@gentoo.org>
List-Id: Gentoo Linux mail

On Sat, Oct 21, 2017 at 11:26 AM, Robin H. Johnson wrote:
> On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote:
>> I would like to present my suggestions:
>>
>> SHA512, (RIPEMD160 | WHIRLPOOL | BLAKE2B), (SHA3_512 | BLAKE2B);
>>
>> or more definitively:
>>
>> SHA512, RIPEMD160, BLAKE2B.
> Please do NOT reintroduce RIPEMD160. It was one of the older Portage
> hashes prior to implementation of GLEP059, and was removed because it
> was shown to fall to parts of the same attacks as MD4/MD5 by Wang's
> paper in 2004.
>
> Wang, X. et al. (2004). "Collisions for Hash Functions MD4, MD5,
> HAVAL-128 and RIPEMD", rump session, CRYPTO 2004, Cryptology ePrint
> Archive, Report 2004/199, first version (August 16, 2004), second
> version (August 17, 2004). Available online from:
> http://eprint.iacr.org/2004/199.pdf
>

That is precisely why I didn't suggest it be used on its own (see note
about extant use of MD5), and why I gave alternatives.

If it is desired that the hashes be computed quickly then weaker hashes
will need to be used. One usually can't have both security and speed.

Can anyone defend the transition to two hashes, or is it just based on
speculation? People are discussing collision resistance, but no one
here appears to be trained in cryptography. The only reasonable
solution in that case is not to rely on the particular mostly
unknowable merits of an algorithm, but the hardness of a successful
collision of multiple functions at the same time.

*If* collision resistance is important, and *if* no one here can
evaluate any of the algorithms intensively by themselves, then *why*
are two hashes going to be used instead of three? That is making the
system much weaker than it was.
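The message above argues that a Manifest entry carrying several hashes is only as strong as the requirement that a distfile match every one of them. The following Python, added here as an illustration and not code from Portage or from anyone in the thread, builds and verifies a Manifest2-style entry (`DIST name size HASH hex HASH hex ...`) using the SHA512, BLAKE2B and SHA3_512 set discussed above, all of which are in the standard `hashlib`. The entry layout, the file name and the file contents are constructed for the example; the point it shows is that a missing or mismatched hash, or a changed size, fails verification rather than being skipped.

```python
import hashlib
import hmac

# Hash labels proposed in the thread, all available in hashlib (Python 3.6+).
MANIFEST_HASHES = ("SHA512", "BLAKE2B", "SHA3_512")

# Map Manifest-style labels to hashlib constructor names (assumed mapping).
_HASHLIB_NAMES = {"SHA512": "sha512", "BLAKE2B": "blake2b", "SHA3_512": "sha3_512"}


def digest_all(data: bytes, names=MANIFEST_HASHES) -> dict:
    """Return {label: hexdigest} for each requested hash over the same bytes."""
    out = {}
    for label in names:
        h = hashlib.new(_HASHLIB_NAMES[label])
        h.update(data)
        out[label] = h.hexdigest()
    return out


def manifest_entry(kind: str, filename: str, data: bytes, names=MANIFEST_HASHES) -> str:
    """Build a Manifest2-style line: 'DIST name size HASH1 hex HASH2 hex ...'."""
    fields = [kind, filename, str(len(data))]
    for label, hexd in digest_all(data, names).items():
        fields += [label, hexd]
    return " ".join(fields)


def parse_manifest_entry(line: str):
    """Split an entry into (kind, filename, size, {label: hex})."""
    kind, filename, size, *rest = line.split()
    if len(rest) % 2:
        raise ValueError("malformed entry: odd number of hash fields")
    hashes = dict(zip(rest[0::2], rest[1::2]))
    return kind, filename, int(size), hashes


def verify(line: str, data: bytes, required=MANIFEST_HASHES) -> bool:
    """True only if the size matches AND every required hash is present and matches.

    A hash that is required but absent from the entry is a failure, not a pass:
    otherwise an attacker who can edit the Manifest could simply drop the
    algorithm they cannot collide.
    """
    _, _, size, hashes = parse_manifest_entry(line)
    if size != len(data):
        return False
    if any(label not in hashes for label in required):
        return False
    actual = digest_all(data, required)
    # Constant-time comparison of each hex digest; all must match.
    return all(hmac.compare_digest(hashes[label], actual[label]) for label in required)


if __name__ == "__main__":
    # Constructed sample distfile contents, not a real Gentoo distfile.
    sample = b"constructed distfile contents\n"
    entry = manifest_entry("DIST", "example-1.0.tar.gz", sample)
    print(entry)
    print("verify(original):", verify(entry, sample))
    print("verify(tampered):", verify(entry, sample + b"x"))
```

The `required` parameter is what enforces the "all of them at once" property: a verifier that accepted whichever subset of hashes happened to be present would reduce the check to the weakest listed algorithm, which is exactly the situation the message warns against.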