| 1 |
Hi Ulrich, |
| 2 |
|
| 3 |
On Wed, Apr 6, 2022 at 6:38 PM Ulrich Mueller <ulm@g.o> wrote: |
| 4 |
> > Why? Then we're dependent on two things, either of which could break, |
| 5 |
> > rather than one. |
| 6 |
> |
| 7 |
> See? If either of these should happen, then we'll be happy that we still |
| 8 |
> have both hashes in our Manifest files. |
| 9 |
> |
| 10 |
> OTOH, if that argument is not relavant because the probability of both |
| 11 |
> is close to zero, then (from a security POV) it doesn't matter which of |
| 12 |
> the two hashes we remove. |
| 13 |
|
| 14 |
No, you're still missing the point. |
| 15 |
|
| 16 |
If SHA-512 breaks, the security of the system fails, regardless of |
| 17 |
what change we make. This is because GnuPG uses SHA-512 for its |
| 18 |
signatures. |
| 19 |
|
| 20 |
So I'll spell out the different possibilities: |
| 21 |
|
| 22 |
1) GPG uses SHA-512. Manifest uses SHA-512 and BLAKE2b. |
| 23 |
1a) Possibility: SHA-512 is broken. Result: system broken. |
| 24 |
1b) Possibility: BLAKE2b is broken. Result: nothing. |
| 25 |
|
| 26 |
2) GPG uses SHA-512. Manifest uses SHA-512. |
| 27 |
2a) Possibility: SHA-512 is broken. Result: system broken. |
| 28 |
2b) Possibility: BLAKE2b is broken. Result: nothing. |
| 29 |
|
| 30 |
3) GPG uses SHA-512. Manifest uses BLAKE2b. |
| 31 |
3a) Possibility: SHA-512 is broken. Result: system broken. |
| 32 |
3b) Possibility: BLAKE2b is broken. Result: system broken. |
| 33 |
|
| 34 |
See how from a security perspective, (2) is not worse than (1), but |
| 35 |
(3) is worse than both (1) and (2)? |
| 36 |
|
| 37 |
Jason |
Archives