On Mon, Apr 3, 2017 at 7:09 PM, Michał Górny <mgorny@g.o> wrote:

> Your thoughts?

This seems pretty hasty.

First of all, SHA-256 should be safe for all intents and purposes, and
for the foreseeable future. This is nothing like Git's usage of SHA-1,
which was known to be on the way to brokenville for a long time. I
don't think there is a solid reason for deprecating it now.

Second, the amount of diversity proposed does not make sense. If
asked, I would propose we keep SHA-256 as one of the options and
additionally add a SHA3 variant and a BLAKE2 variant as other options.
This would provide more than enough diversity. Also totally agreed
with Vadim on the obscurity of the GOST algorithms.

But, this is the kind of thing where we really should get input from
the Security project, so we should get people like Hanno and Kristian
involved.

Third, I don't much trust the security record of the python libraries
mentioned. cryptography is the best Python library for crypto by far,
and I think we should use it exclusively for anything Python doesn't
provide in the stdlib. The PyCrypto security record is not exactly
stellar IIRC, and since pycryptodome is a fork of it, I don't trust it
that much, either.

But mainly, please, I think we should leave the security-sensitive
decisions to people with more security expertise.

Cheers,

Dirkjan
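The algorithm set the reply argues for (keep SHA-256, add one SHA3 and one BLAKE2 variant) is available from Python's standard library alone: `hashlib` ships SHA3 and BLAKE2 natively since Python 3.6, so no third-party crypto package is needed for this. The following is an added example, not code from the thread or from Gentoo's tooling; the allow-list of digest names, the fail-closed policy for unknown algorithms and the sample input are all assumptions made for the illustration.

```python
"""Multi-digest computation and verification using only hashlib (Python 3.6+)."""
import hashlib
import hmac

# Digests this example's policy accepts (assumed set: SHA-256 kept, one SHA3
# and one BLAKE2 variant added). Anything else is rejected, not ignored.
_HASHLIB_NAME = {"SHA256": "sha256", "SHA3_512": "sha3_512", "BLAKE2B": "blake2b"}
ALLOWED = tuple(_HASHLIB_NAME)

# Constructed sample input standing in for a distfile's contents.
SAMPLE = b"constructed sample distfile contents\n"


def digests(data: bytes, names=ALLOWED) -> dict:
    """Return {NAME: hexdigest} for each requested, allowed algorithm."""
    out = {}
    for name in names:
        if name not in _HASHLIB_NAME:
            raise ValueError(f"unsupported digest {name!r}")
        out[name] = hashlib.new(_HASHLIB_NAME[name], data).hexdigest()
    return out


def verify(data: bytes, expected: dict) -> bool:
    """Every listed digest must match the data.

    Fails closed: an empty list or an algorithm outside the allow-list is a
    rejection, so an attacker cannot downgrade by supplying only a weak or
    unknown digest. compare_digest avoids leaking the mismatch position
    through timing; hex case is normalised before comparison.
    """
    if not expected or any(name not in _HASHLIB_NAME for name in expected):
        return False
    actual = digests(data, expected.keys())
    ok = True
    for name, hexval in expected.items():
        ok &= hmac.compare_digest(actual[name], hexval.lower())
    return ok


if __name__ == "__main__":
    computed = digests(SAMPLE)
    for name, hexval in computed.items():
        print(name, hexval)
    print("intact:", verify(SAMPLE, computed))
    # Corrupt one digest: a single mismatch rejects the whole entry.
    print("tampered:", verify(SAMPLE, dict(computed, SHA256="00" * 32)))
```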