Gentoo Archives: gentoo-dev

From: "Tiziano Müller" <dev-zero@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] [RFC] DIGESTS metadata variable for cache validation
Date: Sun, 08 Feb 2009 08:07:54
Message-Id: 1234080464.24784.2517.camel@localhost
In Reply to: Re: [gentoo-dev] [RFC] DIGESTS metadata variable for cache validation by Zac Medico
On Saturday, 07.02.2009, at 15:23 -0800, Zac Medico wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Tiziano Müller wrote:
> > On Monday, 02.02.2009, at 12:34 -0800, Zac Medico wrote:
> >> For the digest format, I suggest that we use the leftmost 10
> >> hexadecimal digits of the SHA-1 digest. The rationale for limiting
> >> it to 10 digits (out of 40) is to save space. Due to the avalanche
> >> effect [2], 10 digits should be sufficient to ensure that problems
> >> resulting from hash collisions are extremely unlikely.
> > I'd recommend to prefix the digest with a "{TYPE}" (like for hashed
> > passwords) to be able to change the digest algorithm as needed
> > (especially in regards to the current SHA successor competition).
> > This allows a future package manager which might use SHA-3 for hashing
> > (once it's released) to still check old digests. Furthermore it would
> > allow for easier transition and only needs a definition of allowed
> > hashes instead of a specific one.
>
> I like that idea. That way it's not necessary to bump the EAPI in
> order to change the hash function. So, a typical DIGESTS value might
> look like this:
>
> SHA1 02021be38b a28b191904 3992945426 6ec21b29a3

Sleeping over it again I don't think that truncating a hash is a good
idea (truncating it from 40 to 10 digits makes the possibility of
collisions much much higher).
But if you want to go this way, I'd say you should use something like
SHA1t (t for truncated) to make sure we can use full hashes once we feel
it's appropriate.

--
-------------------------------------------------------
Tiziano Müller
Gentoo Linux Developer, Council Member
Areas of responsibility:
Samba, PostgreSQL, CPP, Python, sysadmin
E-Mail : dev-zero@g.o
GnuPG FP : F327 283A E769 2E36 18D5 4DE2 1B05 6A63 AE9C 1E30
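
The tagged DIGESTS format and the truncation trade-off discussed in this message, as an added example that is not part of the original mail or of any package manager's code. The tag table (SHA1t = leftmost 10 hex digits, SHA1 = all 40), the function names and the byte-string inputs are assumptions made for illustration; the collision estimate is the standard birthday approximation for uniformly random digests.

```python
import hashlib
import math

# Assumed tag table, following the naming suggested in the thread:
# "SHA1t" = leftmost 10 hex digits of SHA-1, "SHA1" = the full 40 digits.
ALGORITHMS = {"SHA1": ("sha1", 40), "SHA1t": ("sha1", 10)}


def make_digests(tag, blobs):
    """Build a DIGESTS value: the tag followed by one digest per input."""
    name, width = ALGORITHMS[tag]
    digests = [hashlib.new(name, b).hexdigest()[:width] for b in blobs]
    return " ".join([tag] + digests)


def verify_digests(value, blobs):
    """Return True only if the tag is known and every digest matches."""
    parts = value.split()
    if not parts or parts[0] not in ALGORITHMS:
        return False  # unknown tag: treat the cache entry as invalid
    name, width = ALGORITHMS[parts[0]]
    digests = parts[1:]
    if len(digests) != len(blobs):
        return False
    # The length check stops a truncated digest passing under the full-hash tag.
    return all(
        len(d) == width and hashlib.new(name, b).hexdigest()[:width] == d.lower()
        for d, b in zip(digests, blobs)
    )


def birthday_collision_probability(hex_digits, n):
    """Approximate chance that any two of n random digests are equal."""
    space = 16.0 ** hex_digits
    return -math.expm1(-n * (n - 1) / (2.0 * space))


if __name__ == "__main__":
    files = [b"constructed sample ebuild", b"constructed sample eclass"]
    value = make_digests("SHA1t", files)
    print(value, verify_digests(value, files))
    for digits in (10, 40):
        print(digits, birthday_collision_probability(digits, 1_000_000))
```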
