Hi,

On Mon, 3 Apr 2017 22:00:15 +0200
Dirkjan Ochtman <djc@g.o> wrote:

> First of all, SHA-256 should be safe for all intents and purposes, and
> for the foreseeable future. This is nothing like Git's usage of SHA-1,
> which was known to be on the way to brokenville for a long time. I
> don't think there is a solid reason for deprecating it now.
>
> Second, the amount of diversity proposed does not make sense. If
> asked, I would propose we keep SHA-256 as one of the options and
> additionally add a SHA3 variant and a BLAKE2 variant as other options.
> This would provide more than enough diversity. Also totally agreed
> with Vadim on the obscurity of the GOST algorithms.
>
> But, this is the kind of thing where we really should get input from
> the Security project, so we should get people like Hanno and Kristian
> involved.

As you specifically asked for my opinion:
I think there's no reason to doubt the security of any of the sha2
hashes (including sha256), any of sha3 or blake2 for the foreseeable
future. (That means counting in many decades - there isn't even a shred
of evidence sha256 is going to be broken any time soon.)
There's no point in deprecating anything.

I find it unnecessary to introduce additional complexity here and
adding obscurity algorithms like gost sounds really bizarre and
unnecessary. I'd recommend against introducing anything that
requires unusual dependencies.
If anything I'd propose to just change to a single hash functio

--
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@××××××.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42