1 |
Hi, |
2 |
|
3 |
On Wed, 25 Oct 2017 02:40:58 +0000 |
4 |
"Robin H. Johnson" <robbat2@g.o> wrote: |
5 |
|
6 |
> At that point, and this is a serious proposal: |
7 |
> The package manager shall decide which hashes to check, but is |
8 |
> required to check at least one hash. The choice may be 'fastest', |
9 |
> 'most secure', or any local factor. |
10 |
|
11 |
Sorry to contribute again to the bikeshedding, but I'd really like to |
12 |
get one thought across here: |
13 |
Good security includes reducing complexity. Tough (as evident by this |
14 |
thread) it's a thought many people find hard to accept. |
15 |
|
16 |
I don't think this is most important in this discussion, but I feel |
17 |
it's something people should keep in mind also for other decisions to |
18 |
be made. |
19 |
|
20 |
This thread is going into a completely different direction and I find |
21 |
that worriesome. We have two non-problems ("what if secure hash X gets |
22 |
broken?" and "what if it's too slow? I haven't benchmarked, but what if |
23 |
it's too slow??") and people proposing increasingly complex solutions. |
24 |
|
25 |
If you do what you propose my worries aren't that any hash gets broken |
26 |
or that it's too slow. It's that some bug will chime in where in some |
27 |
situation no hash gets checked whatsoever. |
28 |
|
29 |
Having more than one hash is already unneeded complexity. Nobody does |
30 |
that. TLS signatures use one hash. GPG signatures uses one hash. Signal |
31 |
uses one hash. I'm not aware of any credible cryptographic product that |
32 |
feels the need to have multiple hashes concatenated. (The only real |
33 |
example I'm aware of is old TLS versions who chose to concat two |
34 |
insecure hashes - MD5+sha1 - which obviously wasn't the smartest idea |
35 |
either, but one can credibly say they didn't know better back then.) |
36 |
|
37 |
Having a situation where one can either check one hash or multiple and |
38 |
add configurability around that is another step of adding unneeded |
39 |
complexity. |
40 |
|
41 |
|
42 |
Also one more comment about the issue with potentially buggy Hash |
43 |
implementations: I feel this is a software testing problem rather than |
44 |
anything that should influence our package manager format or be tested |
45 |
at runtime. Add a self-test of hash functions with a large batch of |
46 |
test vectors that you can easily run. |
47 |
|
48 |
-- |
49 |
Hanno Böck |
50 |
https://hboeck.de/ |
51 |
|
52 |
mail/jabber: hanno@××××××.de |
53 |
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 |