| 1 |
Hi, |
| 2 |
|
| 3 |
On Mon, 3 Apr 2017 22:00:15 +0200 |
| 4 |
Dirkjan Ochtman <djc@g.o> wrote: |
| 5 |
|
| 6 |
> First of all, SHA-256 should be safe for all intents and purposes, and |
| 7 |
> for the foreseeable future. This is nothing like Git's usage of SHA-1, |
| 8 |
> which was known to be on the way to brokenville for a long time. I |
| 9 |
> don't think there is a solid reason for deprecating it now. |
| 10 |
> |
| 11 |
> Second, the amount of diversity proposed does not make sense. If |
| 12 |
> asked, I would propose we keep SHA-256 as one of the options and |
| 13 |
> additionally add a SHA3 variant and a BLAKE2 variant as other options. |
| 14 |
> This would provide more than enough diversity. Also totally agreed |
| 15 |
> with Vadim on the obscurity of the GOST algorithms. |
| 16 |
> |
| 17 |
> But, this is the kind of thing where we really should get input from |
| 18 |
> the Security project, so we should get people like Hanno and Kristian |
| 19 |
> involved. |
| 20 |
|
| 21 |
As you specifically asked for my opinion: |
| 22 |
I think there's no reason to doubt the security of any of the sha2 |
| 23 |
hashes (including sha256), any of sha3 or blake2 for the forseeable |
| 24 |
future. (That means counting in many decades - there isn't even a shred |
| 25 |
of evidence sha256 is going to be broken any time soon.) |
| 26 |
There's no point in deprecating anything. |
| 27 |
|
| 28 |
I find it unnecessary to introduce additional complexity here and |
| 29 |
adding obscurity algorithms like gost sounds really bizarre and |
| 30 |
unnecessary. I'd recommend against introducing anything that |
| 31 |
requires unusual dependencies. |
| 32 |
If anything I'd propose to just change to a single hash functio |
| 33 |
|
| 34 |
-- |
| 35 |
Hanno Böck |
| 36 |
https://hboeck.de/ |
| 37 |
|
| 38 |
mail/jabber: hanno@××××××.de |
| 39 |
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 |
Archives