Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-dev

From: Gordon Pettey <petteyg359@×××××.com>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Manifest2 hashes, take n+1-th
Date: Fri, 20 Oct 2017 23:03:53
Message-Id: CAHY5MefjTwk4TdVqvb=Ln3NfWXdOHn3p5a7-1_Lr-fhipsfj8w@mail.gmail.com
In Reply to: Re: [gentoo-dev] Manifest2 hashes, take n+1-th by Anton Molyboha
1 On Fri, Oct 20, 2017 at 5:42 PM, Anton Molyboha <anton.stay.connected@gmail.
2 com> wrote:
3
4 > On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey <petteyg359@×××××.com>
5 > wrote:
6 >
7 >> On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck <hanno@g.o> wrote:
8 >>
9 >>> On Thu, 19 Oct 2017 21:08:40 +0200
10 >>> Michał Górny <mgorny@g.o> wrote:
11 >>>
12 >>> > manifest-hashes = SHA512 SHA3_512
13 >>>
14 >>> Counterproposal: Just use SHA512.
15 >>>
16 >>> There isn't any evidence that any SHA2-based hash algorithm is going to
17 >>> be broken any time soon. If that changes there will very likely be
18 >>> decades of warning before a break becomes practical.
19 >>>
20 >>> Having just one hash is simpler and using a well supported one like
21 >>> SHA512 may make things easier than using something that's still not
22 >>> very widely supported.
23 >>
24 >>
25 >> Yet having more than one lets you match make sure nobody hijacked your
26 >> manifest file when an attack vector is inevitably discovered for the old
27 >> new algorithm (whether SHA2, SHA3, or BLAKE2), because you'll be able to
28 >> confirm the file is the same one that matched the old checksum in addition
29 >> to the new one.
30 >>
31 >
32 > Would it make sense then to support several hashes but let the user
33 > optionally turn off the verification of some of them, depending on the
34 > user's security vs performance requirements?
35 >
36 I would strongly question whether anybody is actually running emerge (or
37 whatever command that would be using the manifests) on systems that don't
38 have the CPU power to check a few hashes. If the CPU is really that weak,
39 there are likely much more important issues to deal with than what
40 combination of hashing algorithms manifests use. Things like "I should be
41 using pre-built system images because my CPU is orders of magnitude to even
42 do dependency tree calculation in less than a decade"...
Report Message
Find on MARC Find on Google Groups