On 7/24/2021 11:16, Michał Górny wrote:
> Hi, everyone.
>
> I've been asked to repost the idea of removing SHA512 hash from
> Manifests, effectively limiting them to BLAKE2B.
>
> The 'old' set of Gentoo hashes including SHA512 went live in July 2012.
> In November 2017, we have decided to remove the two other hashes and add
> BLAKE2B in their stead. Today, all Gentoo packages are using BLAKE2B
> and SHA512 hashes.
>
> To all extent, this is purely a cosmetic change. The benefit from
> removing the additional hash is negligible, both from space perspective
> and hashing speed perspective. The benefit from keeping two hashes is
> also negligible.
>
> Back during the 2017 discussion, Infra came to the conclusion that we're
> going to keep SHA512 for a transition period, then remove it, and stay
> with a single hash algorithm. In my opinion, we have kept it long
> enough.
>
> WDYT?

Are there any security benefits/consequences of keeping two/one? If no to
consequences, then I don't see a problem dropping SHA512.

And are we looking at BLAKE3 hash support at all for the future? I know
that algo is fairly new (Jan 2020). A quick read indicates it merges a
number of the BLAKE2 variants together and is faster in some areas of execution.

--
Joshua Kinard
Gentoo/MIPS
kumba@g.o
rsa6144/5C63F4E3F5C6C943 2015-04-27
177C 1972 1FB8 F254 BAD0 3E72 5C63 F4E3 F5C6 C943

"The past tempts us, the present confuses us, the future frightens us. And
our lives slip away, moment by moment, lost in that vast, terrible in-between."

--Emperor Turhan, Centauri Republic