1 |
>>>>> On Wed, 06 Apr 2022, Jason A Donenfeld wrote: |
2 |
|
3 |
> I think actually the argument I'm making this time might be subtly |
4 |
> different from the motions that folks went through last year. |
5 |
> Specifically, the idea last year was to switch to using BLAKE2b only. |
6 |
> I think what the arguments I'm making now point to is switching to |
7 |
> SHA2-512 only. |
8 |
|
9 |
Still, I think that if we drop one of the hashes then we should proceed |
10 |
with the original plan. That is, keep the more modern BLAKE2B (which was |
11 |
a participant of the SHA-3 competition [1]) and drop the older SHA512. |
12 |
|
13 |
Back then, we had the choice between adding SHA3_512 and BLAKE2B, and we |
14 |
preferred BLAKE2B for performance reasons. |
15 |
|
16 |
I also think that the argument about the OpenPGP signature isn't very |
17 |
strong, because replacing that signature by another one using a |
18 |
different hash is trivial. As I said before, replacing all Manifest |
19 |
files in the tree isn't. |
20 |
|
21 |
Ulrich |
22 |
|
23 |
[1] https://en.wikipedia.org/wiki/NIST_hash_function_competition |