| 1 |
Replying to your original question here, to repeat the answer I emphasised |
| 2 |
before, along with significantly more detail in the history of Portage hashes |
| 3 |
(pulled from my notes back to GLEP57 and some minor updates). |
| 4 |
|
| 5 |
On Wed, Nov 08, 2017 at 12:57:49PM -0600, R0b0t1 wrote: |
| 6 |
> These posts are concerning because it looks like someone became stir |
| 7 |
> crazy and invented a problem to solve. The changes proposed to date |
| 8 |
> have remained poorly justified, and no one has addressed the concern |
| 9 |
> that multiple hashes *is* actually more secure. |
| 10 |
> |
| 11 |
> If it was deemed necessary at one point, what justification was used? |
| 12 |
> I.e. https://en.wikipedia.org/wiki/Wikipedia:Chesterton's_fence. |
| 13 |
On Wed, Nov 15, 2017 at 11:47:41AM -0600, R0b0t1 wrote: |
| 14 |
> Does the existence of a decision mean I would need to contact the trustees |
| 15 |
> if I feel the changes have not been adequately justified? |
| 16 |
|
| 17 |
In GLEP59, I referenced a paper by Joux [J04], in which it was shown that a |
| 18 |
concatenation of multiple hashes is NOT much more secure against collisions |
| 19 |
than the strongest of the individual hashes. |
| 20 |
|
| 21 |
That was cited as original logic in GLEP59 for the removal of SHA256 (that |
| 22 |
removal was never implemented). WHIRLPOOL & SHA512 were kept out of an |
| 23 |
abundance of caution at the time, mostly to implementation bugs in hashes (as I |
| 24 |
have referenced in the related threads since). |
| 25 |
|
| 26 |
Your logic regarding removing something you think I don't understand is wrong |
| 27 |
(Chesterton's Fence): |
| 28 |
|
| 29 |
If you dig in the history of Portage, you will see that it's always been valid, |
| 30 |
to have just a SINGLE hash for each file in a Manifest. Required hashes has |
| 31 |
NEVER contained more than one hash. |
| 32 |
|
| 33 |
If multiple hashes are present, then Portage will validate all of them, but a |
| 34 |
potential attacker can still modify the Manifest and have only a single hash |
| 35 |
listed. Exactly which hash MUST be present has changed over time. |
| 36 |
|
| 37 |
Manifest1 is very old, and was stored in $CAT/$PN/files/digest-$P |
| 38 |
Manifest2 is the current $CAT/$PN/Manifest (and soon in more locations per MetaManifest). |
| 39 |
|
| 40 |
1999/xx/xx: Portage starts with Manifest1 format, MD5-only (CVS) |
| 41 |
2004/08/25: Portage gets SHA1 support in Manifest1, but is problematic, SHA1 generation manual only. |
| 42 |
https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-src/portage/pym/portage_checksum.py?revision=1.1&view=markup |
| 43 |
https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-src/portage/pym/portage.py?r1=1.485&r2=1.486 |
| 44 |
2005/12/19: Portage Manifest1 supports MD5,SHA1,SHA256,RMD160, but still requires only a single hash present. Generates MD5+SHA256+RMD160. |
| 45 |
https://gitweb.gentoo.org/proj/portage.git/commit/?id=cd3e3775966a9f58aebb91f58cbdb5903faad3de |
| 46 |
2006/03/24: Manifest2 introduced. |
| 47 |
https://gitweb.gentoo.org/proj/portage.git/commit/?id=f993747ca501e8a70d6f6174711149a172cfc3c2 |
| 48 |
2007/01/20: MANIFEST2_REQUIRED_HASH introduced, SHA1, it must be present & pass |
| 49 |
https://gitweb.gentoo.org/proj/portage.git/commit/?id=e768571187d1655fbb558c23d61fa2983e48e411 |
| 50 |
2007/12/18: MANIFEST1_REQUIRED_HASH introduced, MD5, it must be present & pass |
| 51 |
https://gitweb.gentoo.org/proj/portage.git/commit/?id=d9b10deaa03ce174d5ccc3b59c477549ad87e884 |
| 52 |
2008/02/28: Manifest1 support dropped. |
| 53 |
https://gitweb.gentoo.org/proj/portage.git/commit/?id=66940e1f2f0549ee8f01dad59016e168105e193d |
| 54 |
2011/10/02: GLEP59 implemented, MANIFEST2_REQUIRED_HASH changes to SHA256 |
| 55 |
https://gitweb.gentoo.org/proj/portage.git/commit/?id=c8cd3a985cc529299411d7343a11004b7d1330ef |
| 56 |
2017/06/15: MANIFEST2_REQUIRED_HASH changes to SHA512 |
| 57 |
https://gitweb.gentoo.org/proj/portage.git/commit/?id=e6abcc0b7cbdca481862a5c7cca946c01c471ffb |
| 58 |
|
| 59 |
[J04] Joux, Antoie. (2004). "Multicollisions in Iterated Hash Functions - Application to Cascaded Constructions;" |
| 60 |
Proceedings of CRYPTO 2004, Franklin, M. (Ed); Lecture Notes in Computer Science 3152, pp. 306-316. |
| 61 |
Available online from: http://web.cecs.pdx.edu/~teshrim/spring06/papers/general-attacks/multi-joux.pdf |
| 62 |
|
| 63 |
-- |
| 64 |
Robin Hugh Johnson |
| 65 |
Gentoo Linux: Dev, Infra Lead, Foundation Asst. Treasurer |
| 66 |
E-Mail : robbat2@g.o |
| 67 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
| 68 |
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 |
Archives