Gentoo Archives: gentoo-dev

From: "Jason A. Donenfeld" <zx2c4@g.o>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] proposal: use only one hash function in manifest files
Date: Mon, 04 Apr 2022 23:42:19
Message-Id: CAHmME9oM3jD=nXauexcw5JH3VpiSSqM6uLh_A4-_9NFuovYz2Q@mail.gmail.com
Hi,

I'd like to propose the following for portage:

- Only support one "secure" hash function (such as sha2, sha3, blake2, etc)
- Only generate and parse one hash function in Manifest files
- Remove support for multiple hash functions

In other words, what are we actually getting by having _both_ SHA2-512
and BLAKE2b for every file in every Manifest? It's not about file
integrity, since certainly a single hash handles that use case fine.
And it's not about security either, since for that we use gpg
signatures, and gpg signatures are carried out over a _single_ hash of
the plain text being hashed, so the security of the system reduces to
breaking SHA2-512 anyway. So, if it's not about file integrity and
it's not about security, what is it about?

I don't really care which one we use, so long as it's not already
broken or too obscure/new. So in other words, any one of SHA2-256,
SHA2-512, SHA3, BLAKE2b, BLAKE2s would be fine with me. Can we just
pick one and roll with it?

Jason

PS: there _is_ a good reason for recording the file size in Manifest
files as we do now: it's quicker to compare sizes on large files than
it is to read and hash the whole thing, so this gives us a "free" way
of noticing quick corruption.
