From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 509B01396D9 for ; Sat, 21 Oct 2017 01:21:40 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E72002BC03F; Sat, 21 Oct 2017 01:21:34 +0000 (UTC) Received: from mail-yw0-x236.google.com (mail-yw0-x236.google.com [IPv6:2607:f8b0:4002:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 918D82BC007 for ; Sat, 21 Oct 2017 01:21:34 +0000 (UTC) Received: by mail-yw0-x236.google.com with SMTP id w5so7834812ywg.11 for ; Fri, 20 Oct 2017 18:21:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-transfer-encoding; bh=Jbs0HvamopQBVHT4OV1viXBzEVxuiePDWmlAaQNHi40=; b=p/1aPn4XdP60zWC4o8/+BST9df4GgyHU1Ndc1OhUcDUKV8lrh0JNa78gWE9ydePsdb /h2L/vI14zW1/BT9/MVffDV6k9e1tzpgPNR1hG/QfR2vHRGkU+vcJ5Rq2O0klsHzVcrf 6zLqTyvwoTkLxuUpBzZC2jX9E9GoGCoVetETFSuoq4288ewlhmZOb+Z41FvtuZ2eokt3 +j3aWsrk4BI1GQXiNo+7gdNjrzIsKnA0ICFGcgslL7649J4I2+a5yCLjmwQ0yTYlK8gF fgKxslZW155tuv0D8z9FNLLpIMcUcHTGgusRSgM4v4cFF+gDi9rZ2no/pVEBrSFI8F5p OLpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-transfer-encoding; bh=Jbs0HvamopQBVHT4OV1viXBzEVxuiePDWmlAaQNHi40=; b=ovFQ1XnpWQVlv7onm528Cc5N9I35G/ySIo41didKavHY13BwLnokyoF55neL6O1Av1 Z9+YwijK7htpDKCpolXzi00CCO3OJ68vCTMG9DZwAkTzxmTzdaafgoLv8giy+S2EzS2f Bwy+vgzk61V9qPKExNovspWIpqceTgo0aBX5UTSO6OwX9A56QESZXOp1gQaSJYAcQLOj LprckJkks9cjSNa8q6nTY1jY8frzxOGqYTB+SR0I95EDXEoJY1Vhmq8yxrdakLVEV7jX zuvOGf+6pp/VrraZ2L3nnDW2YVcYq4LW3LEN9OVujQG74W0z/+tss3enyuou4bxUSaLy UyWw== X-Gm-Message-State: AMCzsaV5v8qdEuSXIiW91HgkRvkHQRQSIG1Yjjg+qBNDbjeMiJisuNRG xDF0CC7IEmdRbD0EVWMVhldfq77TRTH7GLjIdndGGQ== X-Google-Smtp-Source: ABhQp+RSa6+XGpnPaLnMhkD5b9Ylv/yJHKC0Hj4AYedkSmjrDwLPfw7lvbL362FPUivDi4JIRzXWDp1QQQ45SO5fh8I= X-Received: by 10.37.209.142 with SMTP id i136mr4194163ybg.70.1508548893238; Fri, 20 Oct 2017 18:21:33 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Received: by 10.129.153.84 with HTTP; Fri, 20 Oct 2017 18:21:32 -0700 (PDT) In-Reply-To: <1508542710.6784.2.camel@gentoo.org> References: <1508440120.19870.14.camel@gentoo.org> <1508446837.29653.1.camel@gentoo.org> <1508542710.6784.2.camel@gentoo.org> From: R0b0t1 Date: Fri, 20 Oct 2017 20:21:32 -0500 Message-ID: Subject: Re: [gentoo-dev] Manifest2 hashes, take n+1-th To: gentoo-dev@lists.gentoo.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Archives-Salt: f985e321-b317-41c7-8c4f-ef74adba7abf X-Archives-Hash: 09b686cf9004642907b527fa9d31d5d2 Hello, I missed some messages in the time I wrote my reply. This also touches on some of the points in Mr. G=C3=B3rny's other message about time. On Fri, Oct 20, 2017 at 6:38 PM, Micha=C5=82 G=C3=B3rny = wrote: > W dniu pi=C4=85, 20.10.2017 o godzinie 00=E2=88=B620=E2=80=89+0200, u=C5= =BCytkownik Francesco > Riosa napisa=C5=82: >> 2017-10-19 23:00 GMT+02:00 Micha=C5=82 G=C3=B3rny : >> >> > W dniu czw, 19.10.2017 o godzinie 21=E2=88=B608 +0200, u=C5=BCytkownik= Micha=C5=82 G=C3=B3rny >> > napisa=C5=82: >> > > >> > > 4. The new hashes that are stronger and commonly available are >> > > SHA3/Keccak (using sponges) and BLAKE2 (HAIFA). Both are diverse fro= m >> > > our current algorithms, so either is a good candidate. The choice of >> > > Keccak is purely arbitrary (because it's the winner?). >> > > >> > >> > Actually, a small correction here: we support more implementations >> > of SHA3 than BLAKE2, so the first one is less problematic for us. >> > >> >> Not researched in depth but: >> B2sum provided by coreutils is quite satisfacting*, it's pretty fast, wh= ile >> sha-3 is deemed to be slower than sha-2, maybe this could be weighted wh= ile >> choosing the algorithm wanted. >> >> Both seem to take advantage of modern multicore CPUs but sha-3 does 11.7 >> [cpb]#0 (see #1) while an email seen on the internet say blake2 can reac= h 1 >> [cpb] (see #2) >> >> #0 cpb =3D cpu cycles per byte >> #1 https://en.wikipedia.org/wiki/SHA-3#Speed >> #2 http://www.metzdowd.com/pipermail/cryptography/2016-May/029297.html >> * (in my limited experience) > > I've taken a closer look at BLAKE2 possibilities, and it seems that it's > going to be our choice after all. I'm adding dev-python/pyblake2 > as a fallback implementation now. > > Curious enough, after disabling the 'optimized' SSE2 assembly, the plain > register implementation is 2.5 times faster than the SSE2 implementation > that is used by default, and two times faster than the built-in SHA2 > implementation in Python. > It is likely that the register implementation makes better use of the data and instruction cache and processor instruction pipeline. For a similar reason, functions with larger block sizes tend to run more slowly over the same amount of data than their counterparts with smaller block sizes. If speed truly is crucial then it may be a better idea to use one very strong hash function and two weaker but faster hash functions. This is why I recommended RIPEMD160. If BLAKE2B is used, it may be possible to switch SHA512 for SHA256. It seems important to me to use three hash functions. Again, though, I think it needs to be pointed out that on slower machines the hash time is on the order of tens of seconds. This should be negligible compared to the build time. Cheers, R0b0t1