1 |
Hi, everyone. |
2 |
|
3 |
I'd like to open an early discussion and start planning transition to |
4 |
an updated set of Manifest hashes. |
5 |
|
6 |
|
7 |
Current state |
8 |
============= |
9 |
|
10 |
The current hash set includes the three following hashes: |
11 |
- SHA256 (SHA2), |
12 |
- SHA512 (SHA2), |
13 |
- Whirlpool. |
14 |
|
15 |
Of these three hashes, SHA256 is considered 'required' by Portage. All |
16 |
current Manifests in Gentoo include it. |
17 |
|
18 |
SHA512 and Whirlpool are included in the majority of Manifest. |
19 |
The packages missing them are tracked in [1]. |
20 |
|
21 |
There are still some stale hashes present in some Manifests (e.g. |
22 |
RMD160). |
23 |
|
24 |
|
25 |
Supported hash algorithms in package managers |
26 |
============================================= |
27 |
|
28 |
The following hashes are supported by the stable version of Portage, |
29 |
pkgcore and Paludis: MD5, SHA1, SHA256, SHA512, RMD160, WHIRLPOOL. |
30 |
|
31 |
Support for MD5, SHA1, SHA256 and SHA512 in Portage and pkgcore is |
32 |
provided unconditionally by all supported Python versions. For |
33 |
WHIRLPOOL, a fallback implementation is always provided. |
34 |
|
35 |
The following hashes are supported by the current git version of Portage |
36 |
and are on the way of being integrated into pkgcore: BLAKE2B, BLAKE2S, |
37 |
SHA3-256, SHA3-512. They are not currently supported by Paludis. |
38 |
|
39 |
Support for those algorithms is guaranteed in Python 3.6+. Fallbacks for |
40 |
older Python versions are supported -- using pygcrypt, pycryptodome |
41 |
and pysha3 (the last one doesn't include BLAKE2) in Portage; and using |
42 |
pycryptodome in pkgcore. |
43 |
|
44 |
Additionally, the current git version of Portage supports |
45 |
the STREEBOG256 and STREEBOG512 (GOST R 34.11-2012) algorithms. They can |
46 |
be provided either using pygcrypt or pygost modules. |
47 |
|
48 |
Of the listed fallbacks, the following limitations need to be noted: |
49 |
|
50 |
A. pygcrypt requires old cffi, and therefore is not in ::gentoo. I have |
51 |
contacted upstream and they are working on updating it. |
52 |
|
53 |
B. pycryptodome blocks pycrypto, and some packages explicitly require |
54 |
pycrypto (see tracker at [2]). |
55 |
|
56 |
C. pygost is just horrible code-wise, and I've only added it so that we |
57 |
can run tests without any special dependencies. |
58 |
|
59 |
|
60 |
SHA256 deprecation |
61 |
================== |
62 |
|
63 |
I think the first reasonable change would be to deprecate SHA256. It is |
64 |
pretty much the same algorithm as SHA512, except for different |
65 |
parameters. It is weaker than SHA512, and SHA512 is supported on all |
66 |
existing platforms anyway. |
67 |
|
68 |
Therefore, I think the following procedure would apply (please correct |
69 |
me if I'm wrong): |
70 |
|
71 |
1. wait till all remaining blockers of [1] are fixed, |
72 |
|
73 |
2. update the required hash from SHA256 to SHA512 in Portage, |
74 |
|
75 |
3. wait till stable Portage carries the above change + (possibly some |
76 |
upgrade time?), |
77 |
|
78 |
4. remove SHA256 from list of hashes included in Manifests. |
79 |
|
80 |
|
81 |
New hash set |
82 |
============ |
83 |
|
84 |
After deprecating SHA256, the hash list would include only SHA512 |
85 |
and WHIRLPOOL. I think the first one should be kept as a portable |
86 |
required hash, and I'm indifferent to keeping the second one. |
87 |
|
88 |
Of the new hashes, I think it would be the most reasonable to add SHA3- |
89 |
512. It is built-in since Python 3.6+, and multiple implementations are |
90 |
available for older Python versions (cryptography [though I think it |
91 |
doesn't work with current openssl], pycryptodome, pygcrypt, pysha3). |
92 |
|
93 |
The alternative would be to use BLAKE2B hash (which provides similar |
94 |
strength to SHA3-512). However, it provides less fallbacks (no support |
95 |
in libgcypt nor cryptography). |
96 |
|
97 |
For diversity, we could also consider including the Streebog hash |
98 |
(a user has requested it already). However, it seems to be at SHA2 level |
99 |
and does not have any reasonable implementation except for libgcrypt. |
100 |
|
101 |
Therefore, my proposal would be to use the following set once their |
102 |
support reaches the stable version of Portage: |
103 |
|
104 |
manifest-hashes = SHA512 SHA3-512 WHIRLPOOL |
105 |
|
106 |
|
107 |
Your thoughts? |
108 |
|
109 |
|
110 |
|
111 |
[1]:https://bugs.gentoo.org/612716 |
112 |
[2]:https://bugs.gentoo.org/611568 |
113 |
|
114 |
-- |
115 |
Best regards, |
116 |
Michał Górny |