| 1 |
> On 5 Apr 2022, at 22:13, Jonas Stein <jstein@g.o> wrote: |
| 2 |
> |
| 3 |
> Hi |
| 4 |
> |
| 5 |
>> I'd like to propose the following for portage: |
| 6 |
>> - Only support one "secure" hash function (such as sha2, sha3, blake2, etc) |
| 7 |
>> - Only generate and parse one hash function in Manifest files |
| 8 |
>> - Remove support for multiple hash functions |
| 9 |
> |
| 10 |
> No, this has no benefit. |
| 11 |
|
| 12 |
Which part has no benefit? I could see a case (although I don't think it's a super strong one) |
| 13 |
for keeping support for multiple hash types in Portage, but only 1 in a Manifest. |
| 14 |
|
| 15 |
I think Jason's made a fair case for dropping it. |
| 16 |
|
| 17 |
> |
| 18 |
>> In other words, what are we actually getting by having _both_ SHA2-512 |
| 19 |
>> and BLAKE2b for every file in every Manifest? |
| 20 |
> |
| 21 |
> Implementations are often broken and we have to expect zero day attacks on hashes and on signatures. Hence it does not hurt to have a second hash. |
| 22 |
|
| 23 |
I don't think this is the case. They're not broken often, it's a very very big deal when they do, and we'd also have far bigger problems in such a case (as already pointed out, TLS would be an issue, but also GPG signatures, git commit hashes, ...). |
| 24 |
|
| 25 |
> |
| 26 |
> It is very likely that we can not trust in X for a while in the next years, but it is very unlikely that two different implementations are affected. |
| 27 |
> |
| 28 |
|
| 29 |
I don't think it is likely that e.g. SHA512 will be broken in the next few years, no, but if it is going to be, we have far bigger issues and we'd need to have double algorithms in our whole stack, which we don't have. |
| 30 |
|
| 31 |
> Additionally calculating a second hash does not cost anything. |
| 32 |
|
| 33 |
It does have a cost at both Manifest-generation time and emerge-time. |
| 34 |
|
| 35 |
Thanks, |
| 36 |
sam |
Archives