Gentoo Archives: gentoo-dev

From: "Michał Górny" <mgorny@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] proposal: use only one hash function in manifest files
Date: Tue, 05 Apr 2022 14:49:28
In Reply to: [gentoo-dev] proposal: use only one hash function in manifest files by "Jason A. Donenfeld"
1 On Tue, 2022-04-05 at 01:41 +0200, Jason A. Donenfeld wrote:
2 > Hi,
3 >
4 > I'd like to propose the following for portage:
5 >
6 > - Only support one "secure" hash function (such as sha2, sha3, blake2, etc)
7 > - Only generate and parse one hash function in Manifest files
8 > - Remove support for multiple hash functions
9 >
10 > In other words, what are we actually getting by having _both_ SHA2-512
11 > and BLAKE2b for every file in every Manifest? It's not about file
12 > integrity, since certainly a single hash handles that use case fine.
13 > And it's not about security either, since for that we use gpg
14 > signatures, and gpg signatures are carried out over a _single_ hash of
15 > the plain text being hashed, so the security of the system reduces to
16 > breaking SHA2-512 anyway. So, if it's not about file integrity and
17 > it's not about security, what is it about?
19 If you mean "remove entirely", then that's a bad idea. While
20 the original reasons for multiple hash functions might have been, erm,
21 not exactly correct, the dual-hash situation is needed for transitional
22 periods. Particularly because we have a number of fetch-restricted
23 packages where we simply need to wait for someone with the distfile to
24 rehash them (or eventually remove them, if we can't get a new hash).
26 > I don't really care which one we use, so long as it's not already
27 > broken or too obscure/new. So in other words, any one of SHA2-256,
28 > SHA2-512, SHA3, BLAKE2b, BLAKE2s would be fine with me. Can we just
29 > pick one and roll with it?
31 Back when we added BLAKE2b, the idea was to eventually remove SHA512
32 (the previous hash). However, this was rejected afterwards.
34 > PS: there _is_ a good reason for recording the file size in Manifest
35 > files as we do now: it's quicker to compare sizes on large files than
36 > it is to read and hash the whole thing, so this gives us a "free" way
37 > of noticing quick corruption.
39 The primary use of knowing the file size is to know whether to try to
40 resume fetching.
42 --
43 Best regards,
44 Michał Górny


Subject Author
Re: [gentoo-dev] proposal: use only one hash function in manifest files "Jason A. Donenfeld" <zx2c4@g.o>