From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 542A51396D9 for ; Mon, 23 Oct 2017 08:16:54 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A83CF2BC094; Mon, 23 Oct 2017 08:16:41 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 489162BC08D for ; Mon, 23 Oct 2017 08:16:41 +0000 (UTC) Received: from grubbs.orbis-terrarum.net (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 3676E33C6B6 for ; Mon, 23 Oct 2017 08:16:40 +0000 (UTC) Received: (qmail 21945 invoked by uid 10000); 23 Oct 2017 08:16:38 -0000 Date: Mon, 23 Oct 2017 08:16:38 +0000 From: "Robin H. Johnson" To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case Message-ID: References: <1508440120.19870.14.camel@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="nVYOjVWOcH+Ezkzp" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.8.2 (2017-04-18) X-Archives-Salt: fac67abe-0af3-4d84-8b1c-d4477d783b40 X-Archives-Hash: d70a90916e03d973975c464bc78a6d2a --nVYOjVWOcH+Ezkzp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote: > In general I do not mind updating the algorithms used, but I do feel > it is important to keep at least three present. Without at least three > (or a larger odd number) it is not possible to break a tie. >=20 > That may ultimately be beside the point, as any invalid hashes should > result in the user contacting the developers or doing something else, > but it is hard to know. I'm dropping the rest of your email about about exactly which hashes we're bike-shedding, to focus on the number of hashes. I agree with your opinion to have three hashes present, and I've give a solid rationale with historical references. The major reason to have 3 hashes, is as a tie-breaker, to detect if there was a bug in the hash somehow (implementation, compiler/assembler, interpreter), and not the distfile. This also strongly suggests that 3 hashes should have different construction. It's come up enough times in Gentoo history already. Here's 3 of the instances that came to mind and I could link up with bugs easily. I also recall an instance where the entire SHA2 family was bitten by a buggy arch-specific (mips? arm?) GCC patch, but I can't the bug for it. 2006: https://bugs.gentoo.org/121182 pycrypto RMD160 on ia64 (and many other 64bit arches) (it also had a big cleanup for the tree as a result: https://bugs.gentoo.or= g/121124) 2009: https://bugs.gentoo.org/255131 app-crypt/mhash-0.9.9 segfaults with NULL digest in whirlpool/snefru (portage uses python-mhash bindings) 2012: https://bugs.gentoo.org/406407 sys-apps/portage-2.1.10.49: internal version of whirlpool algorithm generat= es wrong hash Since we're going to much newer hashes, I think there is a non-zero chance we WILL hit errors in the hashes again, and it would be wise to cover the bases. This ends up probably looking like: SHA512, BLAKE2B, SHA3_512 --=20 Robin Hugh Johnson Gentoo Linux: Dev, Infra Lead, Foundation Asst. Treasurer E-Mail : robbat2@gentoo.org GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 --nVYOjVWOcH+Ezkzp Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Robbat2 @ Orbis-Terrarum Networks - The text below is a digital signature. If it doesn't make any sense to you, ignore it. iQKTBAEBCgB9FiEEveu2pS8Vb98xaNkRGTlfI8WIJsQFAlntpWVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEJE RUJCNkE1MkYxNTZGREYzMTY4RDkxMTE5Mzk1RjIzQzU4ODI2QzQACgkQGTlfI8WI JsQ1ag//cSGN+DriUFCRgnFTopFzMICiMvpYnrYIua5D18lknopSMvPY2MnqaFpm 9bt5dKwG6WhJN5/cKGP9k9IY7/DpX/QJvYcXyBYs3s+9d4evX1eUEmwYrbrGsS1y C7RlzMeL0jyrt77O6hIYJk0cbhbGrVFSy1jZpzxm/T4dZqkw6rTZlD1E5I3l3n7B c+6ICNB/1BtxCMZYBjd1WspA6g/Y9kuv6to6hZUsV9fGN9kJ+tjvAdBmXZqRx+zN ditR1tXlap3+AmZhLND78hog7Ks0MhuDcdPKR+mS+ohtSGCZ/Nc+yL6gsUQrGsmO u5cNi+s5++fr7UuofspPm0HVsWPs3mvQ6Z2Eu6VY5yz20/K29FCbPPR0EMPF+RCl Ja/2PkF6VDsu4sHvZOBVFgOFBbadtvMuctLWMFBG2nWS0LGJ+NJd4jQ7ywnZGpH7 OC5H+vlUIgCxpDQrebcNjHLuM362AWBhuMKJzGVI/FdLxyF2HIIUE9HHlvxh7JX3 xLgeghcK0wA4gF/SKaajPvB5JTfAc6P4RgPnehBwmBUkhklUjFaf84lk9aPIJjV3 G7Yl7tWT9k1HohzOSG7EhS81KufbRX1HKem+shn/+DliJSsMUx23toonxOexFr7b TBg5L6YHvTN97S2Sjkg6qxhNVbVALG7qYkL6lc/qNpaZzmlHPsI= =qc4d -----END PGP SIGNATURE----- --nVYOjVWOcH+Ezkzp--