1 |
To move things forward with something more concrete: |
2 |
|
3 |
On 4/5/22, Jason A. Donenfeld <zx2c4@g.o> wrote: |
4 |
> Hi, |
5 |
> |
6 |
> I'd like to propose the following for portage: |
7 |
> |
8 |
> - Only support one "secure" hash function (such as sha2, sha3, blake2, etc) |
9 |
> - Only generate and parse one hash function in Manifest files |
10 |
> - Remove support for multiple hash functions |
11 |
> |
12 |
> [...] |
13 |
> I don't really care which one we use, so long as it's not already |
14 |
> broken or too obscure/new. So in other words, any one of SHA2-256, |
15 |
> SHA2-512, SHA3, BLAKE2b, BLAKE2s would be fine with me. Can we just |
16 |
> pick one and roll with it? |
17 |
|
18 |
As you might have realized from my work on other projects, I like |
19 |
BLAKE2 a lot. However, I think there are two strong reasons for going |
20 |
with SHA512 exclusively here: |
21 |
|
22 |
- GPG signatures are already over the SHA512 of the plain text, so |
23 |
they security of the system already reduces to that. By choosing |
24 |
SHA512, we don't add more risk, whilst choosing something else means |
25 |
we're in trouble if either one has a problem. |
26 |
- Other package managers use SHA512 in their recipes, so it makes it |
27 |
easier to compare tarball checksums. |
28 |
|
29 |
The principle advantage of BLAKE2b is 64-bit speed, but SHA512 |
30 |
performs okay enough in that regard anyway. |
31 |
|
32 |
Therefore, to amend my proposal: |
33 |
|
34 |
- Use SHA512 as the Manifest hash. |
35 |
|
36 |
Any objections? |
37 |
|
38 |
Jason |