On 10/20/2017 11:10 AM, Dirkjan Ochtman wrote:
>
> I support Hanno's suggestion of doing just SHA512, but would be
> interested in hearing opinions from others who have apparent
> security/crypto experience. Maybe the Security project can weigh the
> suggestions as well?
>

The whole discussion is moot so long as we don't have an OpenPGP-signed
gentoo repository in rsync.

SHA2-512 is generally quicker than SHA256 on 64-bit architectures, but
considerably slower for some architectures. Introducing a non-optimized
keccak on top of it will have a significant negative performance impact
for these arches without much security gain.

If we still want two separate hashes, the choice of a SHA2 and SHA3
combination is a good one, given they are based on separate constructs.

But IMHO we should start where things matter and complete an
implementation for OpenPGP signatures of MetaManifests in Portage.

-- 
Kristian Fiskerstrand
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
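The message above argues that if a Manifest carries two digests, pairing a SHA2 hash with a SHA3 hash is sensible because the two rest on different constructions (Merkle-Damgard versus the Keccak sponge). The following Python script is an added example, not code from this thread or from Portage: it builds a simplified Manifest-style line carrying both SHA2-512 and SHA3-512 digests and verifies file contents against it, failing closed when either digest, the size, or a required algorithm is missing. The `DIST <name> <size> <ALG> <hex> ...` layout is only loosely modelled on Gentoo's Manifest format, and the file name and contents are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample file contents (not a real distfile).
SAMPLE_DATA = b"example distfile contents\n" * 64

# Two digests from independent constructions, as discussed in the thread:
# SHA2-512 (Merkle-Damgard) and SHA3-512 (Keccak sponge).
HASHES = {
    "SHA512": hashlib.sha512,
    "SHA3_512": hashlib.sha3_512,
}

# Policy for this example: both algorithms must be present on every entry,
# so a weakness in one construction alone does not let a substitute file pass.
REQUIRED = frozenset(HASHES)


def manifest_entry(filename: str, data: bytes) -> str:
    """Build a simplified Manifest-style line (assumed format, see lead-in):
    DIST <filename> <size> SHA512 <hex> SHA3_512 <hex>"""
    fields = ["DIST", filename, str(len(data))]
    for name, ctor in HASHES.items():
        fields.append(name)
        fields.append(ctor(data).hexdigest())
    return " ".join(fields)


def parse_entry(line: str):
    """Split an entry into (kind, filename, size, {algorithm: hexdigest})."""
    parts = line.split()
    # Need at least one algorithm/digest pair, and pairs must be complete.
    if len(parts) < 5 or (len(parts) - 3) % 2 != 0:
        raise ValueError("malformed Manifest entry")
    kind, filename, size = parts[0], parts[1], int(parts[2])
    digests = {}
    for i in range(3, len(parts), 2):
        digests[parts[i]] = parts[i + 1]
    return kind, filename, size, digests


def verify_entry(line: str, data: bytes) -> bool:
    """Return True only if the size matches, every required algorithm is
    listed, and every listed digest matches. Unknown algorithms fail closed."""
    _, _, size, digests = parse_entry(line)
    if size != len(data):
        return False
    if not REQUIRED.issubset(digests):
        return False
    for name, expected in digests.items():
        ctor = HASHES.get(name)
        if ctor is None:
            return False
        actual = ctor(data).hexdigest()
        # Constant-time comparison of the hex strings.
        if not hmac.compare_digest(actual, expected):
            return False
    return True


def main() -> None:
    entry = manifest_entry("example-1.0.tar.gz", SAMPLE_DATA)
    print(entry)
    print("intact:   ", verify_entry(entry, SAMPLE_DATA))
    print("modified: ", verify_entry(entry, SAMPLE_DATA + b"x"))


if __name__ == "__main__":
    main()
```

The digests only bind file contents to the Manifest line; as the message points out, the Manifest itself still has to be signed (for example with OpenPGP) before any of this says who vouched for it, and that signing step is outside what this example covers.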