From: Gordon Pettey
Date: Fri, 20 Oct 2017 18:03:06 -0500
Subject: Re: [gentoo-dev] Manifest2 hashes, take n+1-th
To: gentoo-dev@lists.gentoo.org
References: <1508440120.19870.14.camel@gentoo.org> <20171020003258.7ad4695b@pc1>

On Fri, Oct 20, 2017 at 5:42 PM, Anton Molyboha wrote:

> On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey wrote:
>
>> On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote:
>>
>>> On Thu, 19 Oct 2017 21:08:40 +0200
>>> Michał Górny wrote:
>>>
>>> > manifest-hashes = SHA512 SHA3_512
>>>
>>> Counterproposal: Just use SHA512.
>>>
>>> There isn't any evidence that any SHA2-based hash algorithm is going to
>>> be broken any time soon. If that changes there will very likely be
>>> decades of warning before a break becomes practical.
>>>
>>> Having just one hash is simpler and using a well supported one like
>>> SHA512 may make things easier than using something that's still not
>>> very widely supported.
>>
>>
>> Yet having more than one lets you match make sure nobody hijacked your
>> manifest file when an attack vector is inevitably discovered for the old
>> new algorithm (whether SHA2, SHA3, or BLAKE2), because you'll be able to
>> confirm the file is the same one that matched the old checksum in addition
>> to the new one.
>>
>
> Would it make sense then to support several hashes but let the user
> optionally turn off the verification of some of them, depending on the
> user's security vs performance requirements?
>

I would strongly question whether anybody is actually running emerge (or
whatever command that would be using the manifests) on systems that don't
have the CPU power to check a few hashes. If the CPU is really that weak,
there are likely much more important issues to deal with than what
combination of hashing algorithms manifests use. Things like "I should be
using pre-built system images because my CPU is orders of magnitude to even
do dependency tree calculation in less than a decade"...
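The trade-off argued in this thread, as an added example that is not part of the original message and is not Portage code: a single-pass check of one distfile against every hash in a `DIST` Manifest entry, with an opt-out like the one asked about above. The `DIST <name> <size> <HASH> <hex> ...` layout, the function names and the sample data are assumptions made for illustration, and the SHA512 "collision" is simulated by rewriting the entry, since no real one is known.

```python
import hashlib
import hmac
import io

# Manifest hash names (as used in `manifest-hashes`) mapped to hashlib names.
HASHLIB_NAMES = {"SHA512": "sha512", "SHA3_512": "sha3_512", "BLAKE2B": "blake2b"}

def make_dist_line(name, data, hashes=("SHA512", "SHA3_512")):
    """Build a constructed DIST entry for the given bytes (sample input only)."""
    parts = ["DIST", name, str(len(data))]
    for h in hashes:
        parts += [h, hashlib.new(HASHLIB_NAMES[h], data).hexdigest()]
    return " ".join(parts)

def parse_dist_line(line):
    """Parse 'DIST <name> <size> <HASH> <hex> [<HASH> <hex> ...]'."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "DIST" or len(fields) % 2 == 0:
        raise ValueError("malformed DIST entry")
    pairs = fields[3:]
    return fields[1], int(fields[2]), dict(zip(pairs[0::2], pairs[1::2]))

def verify(stream, size, expected, check=("SHA512", "SHA3_512")):
    """Return the list of failed checks; an empty list means accepted."""
    failures = ["missing:" + n for n in check if n not in expected]
    hashers = {n: hashlib.new(HASHLIB_NAMES[n]) for n in check if n in expected}
    total = 0
    # One read pass feeds every hasher, so extra hashes add CPU but no extra I/O.
    for chunk in iter(lambda: stream.read(65536), b""):
        total += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    if total != size:
        failures.append("size")
    for n, h in hashers.items():
        if not hmac.compare_digest(h.hexdigest(), expected[n].lower()):
            failures.append(n)
    return failures

def demo():
    original = b"constructed tarball contents v1.0\n"       # constructed sample
    tampered = b"constructed tarball contents v1.0 + extra\n"
    line = make_dist_line("example-1.0.tar.gz", original)
    _, size, expected = parse_dist_line(line)
    ok = verify(io.BytesIO(original), size, expected)
    bad = verify(io.BytesIO(tampered), size, expected)
    # Stand-in for a future SHA512 break: the tampered file "matches" SHA512 only.
    forged = dict(expected, SHA512=hashlib.sha512(tampered).hexdigest())
    both = verify(io.BytesIO(tampered), len(tampered), forged)
    sha512_only = verify(io.BytesIO(tampered), len(tampered), forged, check=("SHA512",))
    return ok, bad, both, sha512_only
```

With both hashes checked, the simulated SHA512 match is still rejected on SHA3_512; with the second hash switched off, the same file is accepted.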