Gentoo Archives: gentoo-dev

From: John Helmert III <ajak@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] proposal: use only one hash function in manifest files
Date: Tue, 05 Apr 2022 01:48:54
Message-Id: Ykuf+uqHSugCriMC@gentoo.org
In Reply to: [gentoo-dev] proposal: use only one hash function in manifest files by "Jason A. Donenfeld"
I don't really have any strong opinion, but I'll note this was
discussed here last year, too:

https://archives.gentoo.org/gentoo-dev/message/a51ef62765b577dccfde67d5d2d727ae

On Tue, Apr 05, 2022 at 01:41:50AM +0200, Jason A. Donenfeld wrote:
> Hi,
>
> I'd like to propose the following for portage:
>
> - Only support one "secure" hash function (such as sha2, sha3, blake2, etc)
> - Only generate and parse one hash function in Manifest files
> - Remove support for multiple hash functions
>
> In other words, what are we actually getting by having _both_ SHA2-512
> and BLAKE2b for every file in every Manifest? It's not about file
> integrity, since certainly a single hash handles that use case fine.
> And it's not about security either, since for that we use gpg
> signatures, and gpg signatures are carried out over a _single_ hash of
> the plain text being hashed, so the security of the system reduces to
> breaking SHA2-512 anyway. So, if it's not about file integrity and
> it's not about security, what is it about?
>
> I don't really care which one we use, so long as it's not already
> broken or too obscure/new. So in other words, any one of SHA2-256,
> SHA2-512, SHA3, BLAKE2b, BLAKE2s would be fine with me. Can we just
> pick one and roll with it?
>
> Jason
>
> PS: there _is_ a good reason for recording the file size in Manifest
> files as we do now: it's quicker to compare sizes on large files than
> it is to read and hash the whole thing, so this gives us a "free" way
> of noticing quick corruption.
>

Attachments

File name MIME type
signature.asc application/pgp-signature
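
The single-hash check and the size fast path discussed in the quoted proposal, as an added example that is not part of either e-mail and is not Portage's code. It assumes the `DIST <name> <size> <HASH> <hex> ...` Manifest entry layout; the function names, the default of BLAKE2B and the sample file are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Manifest hash names mapped to hashlib constructors (the two named in the thread).
HASHES = {"SHA512": hashlib.sha512, "BLAKE2B": hashlib.blake2b}


def parse_dist_line(line):
    """Parse 'DIST <name> <size> <HASH> <hex> [<HASH> <hex> ...]'."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "DIST" or len(fields) % 2 != 1:
        raise ValueError("malformed DIST entry")
    name, size = fields[1], int(fields[2])
    digests = dict(zip(fields[3::2], fields[4::2]))
    return name, size, digests


def verify(path, size, digests, algo="BLAKE2B"):
    """Return 'ok', 'size-mismatch' or 'hash-mismatch' using one hash only."""
    # Cheap check first: a stat() call, no file contents are read.
    if os.path.getsize(path) != size:
        return "size-mismatch"
    h = HASHES[algo]()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return "ok" if h.hexdigest() == digests[algo].lower() else "hash-mismatch"


def demo():
    """Build a constructed distfile and Manifest line, then verify three cases."""
    data = b"constructed sample distfile\n"
    line = "DIST sample-1.0.tar.gz %d BLAKE2B %s SHA512 %s" % (
        len(data), hashlib.blake2b(data).hexdigest(), hashlib.sha512(data).hexdigest())
    name, size, digests = parse_dist_line(line)
    results = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, name)
        # Intact file, truncated file, same-size file with one byte changed.
        for content in (data, data[:-1], data.replace(b"sample", b"sAmple")):
            with open(path, "wb") as f:
                f.write(content)
            results.append(verify(path, size, digests))
    return results


if __name__ == "__main__":
    print(demo())
```

The same-size modification is only caught by the hash, which is why the size comparison is a shortcut for accidental corruption and not an integrity check on its own.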