| 1 |
On Sat, Oct 21, 2017 at 12:12 PM, R0b0t1 <r030t1@×××××.com> wrote: |
| 2 |
> On Sat, Oct 21, 2017 at 11:26 AM, Robin H. Johnson <robbat2@g.o> wrote: |
| 3 |
>> On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote: |
| 4 |
>>> I would like to present my suggestions: |
| 5 |
>>> |
| 6 |
>>> SHA512, (RIPEMD160 | WHIRLPOOL | BLAKE2B), (SHA3_512 | BLAKE2B); |
| 7 |
>>> |
| 8 |
>>> or more definitively: |
| 9 |
>>> |
| 10 |
>>> SHA512, RIPEMD160, BLAKE2B. |
| 11 |
>> Please do NOT reintroduce RIPEMD160. It was one of the older Portage |
| 12 |
>> hashes prior to implementation of GLEP059, and was removed because it |
| 13 |
>> was shown to fall to parts of the same attacks at MD4/MD5 by Wang's |
| 14 |
>> paper in 2004. |
| 15 |
>> |
| 16 |
>> Wang, X. et al. (2004). "Collisions for Hash Functions MD4, MD5, |
| 17 |
>> HAVAL-128 and RIPEMD", rump session, CRYPTO 2004, Cryptology ePrint |
| 18 |
>> Archive, Report 2004/199, first version (August 16, 2004), second |
| 19 |
>> version (August 17, 2004). Available online from: |
| 20 |
>> http://eprint.iacr.org/2004/199.pdf |
| 21 |
>> |
| 22 |
> |
| 23 |
|
| 24 |
Also important is that the existence of a constructed collision is not |
| 25 |
necessarily an indication that the function is weak for real data. |
| 26 |
|
| 27 |
|
| 28 |
> Can anyone defend the transition to two hashes, or is it just based on |
| 29 |
> speculation? |
| 30 |
> |
| 31 |
|
| 32 |
This thread in particular is the worst case of bikeshedding I have |
| 33 |
seen on gentoo-dev. No one here is well equipped to evaluate the |
| 34 |
cryptographic primitives being discussed[1] but there are still many |
| 35 |
strong opinions and unwarranted suggestions. |
| 36 |
|
| 37 |
Respectfully, |
| 38 |
R0b0t1 |
| 39 |
|
| 40 |
|
| 41 |
[1]: In fairness perhaps no one is, as the cryptography of one |
| 42 |
particular function takes very intensive study. Most published |
| 43 |
algorithms are never studied intently until they are adopted. Still, |
| 44 |
people should be justifying any suggestion by referencing real data or |
| 45 |
tested deficiencies. Not guessing. |
Archives