Gentoo Archives: gentoo-dev

From:	Ulrich Mueller <ulm@g.o>
To:	"Jason A. Donenfeld" <zx2c4@g.o>
Cc:	gentoo-dev@l.g.o, Sam James <sam@g.o>, "Michał Górny" <mgorny@g.o>, Matt Turner <mattst88@g.o>
Subject:	Re: [gentoo-dev] proposal: use only one hash function in manifest files
Date:	Wed, 06 Apr 2022 17:54:28
Message-Id:	`ubkxe3xoc@gentoo.org`
In Reply to:	Re: [gentoo-dev] proposal: use only one hash function in manifest files by "Jason A. Donenfeld"

1	>>>>> On Wed, 06 Apr 2022, Jason A Donenfeld wrote:
2
3	> So I'll spell out the different possibilities:
4
5	> 1) GPG uses SHA-512. Manifest uses SHA-512 and BLAKE2b.
6	> 1a) Possibility: SHA-512 is broken. Result: system broken.
7	> 1b) Possibility: BLAKE2b is broken. Result: nothing.
8
9	> 2) GPG uses SHA-512. Manifest uses SHA-512.
10	> 2a) Possibility: SHA-512 is broken. Result: system broken.
11	> 2b) Possibility: BLAKE2b is broken. Result: nothing.
12
13	> 3) GPG uses SHA-512. Manifest uses BLAKE2b.
14	> 3a) Possibility: SHA-512 is broken. Result: system broken.
15	> 3b) Possibility: BLAKE2b is broken. Result: system broken.
16
17	> See how from a security perspective, (2) is not worse than (1), but
18	> (3) is worse than both (1) and (2)?
19
20	No it isn't. We can replace the top-level signature easily, but
21	replacing all Manifest hashes in the tree is hard (i.e. 1a and 3a are
22	trivial to fix, but 2a and 3b aren't).
23
24	I've said this multiple times now, so I'm out of here.
25
26	Ulrich

File name	MIME type
signature.asc	application/pgp-signature