From: R0b0t1
Date: Sat, 21 Oct 2017 12:37:23 -0500
Subject: Re: [gentoo-dev] Manifest2 hashes, take n+1-th
To: gentoo-dev@lists.gentoo.org

On Sat, Oct 21, 2017 at 12:12 PM, R0b0t1 wrote:
> On Sat, Oct 21, 2017 at 11:26 AM, Robin H. Johnson wrote:
>> On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote:
>>> I would like to present my suggestions:
>>>
>>> SHA512, (RIPEMD160 | WHIRLPOOL | BLAKE2B), (SHA3_512 | BLAKE2B);
>>>
>>> or more definitively:
>>>
>>> SHA512, RIPEMD160, BLAKE2B.
>> Please do NOT reintroduce RIPEMD160. It was one of the older Portage
>> hashes prior to implementation of GLEP059, and was removed because it
>> was shown to fall to parts of the same attacks at MD4/MD5 by Wang's
>> paper in 2004.
>>
>> Wang, X. et al. (2004). "Collisions for Hash Functions MD4, MD5,
>> HAVAL-128 and RIPEMD", rump session, CRYPTO 2004, Cryptology ePrint
>> Archive, Report 2004/199, first version (August 16, 2004), second
>> version (August 17, 2004). Available online from:
>> http://eprint.iacr.org/2004/199.pdf
>>
>

Also important is that the existence of a constructed collision is not necessarily an indication that the function is weak for real data.

> Can anyone defend the transition to two hashes, or is it just based on
> speculation?
>

This thread in particular is the worst case of bikeshedding I have seen on gentoo-dev. No one here is well equipped to evaluate the cryptographic primitives being discussed[1] but there are still many strong opinions and unwarranted suggestions.

Respectfully,
R0b0t1

[1]: In fairness perhaps no one is, as the cryptography of one particular function takes very intensive study. Most published algorithms are never studied intently until they are adopted. Still, people should be justifying any suggestion by referencing real data or tested deficiencies. Not guessing.