| 1 |
Dnia 23 października 2017 10:16:38 CEST, "Robin H. Johnson" <robbat2@g.o> napisał(a): |
| 2 |
>On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote: |
| 3 |
>> In general I do not mind updating the algorithms used, but I do feel |
| 4 |
>> it is important to keep at least three present. Without at least |
| 5 |
>three |
| 6 |
>> (or a larger odd number) it is not possible to break a tie. |
| 7 |
>> |
| 8 |
>> That may ultimately be beside the point, as any invalid hashes should |
| 9 |
>> result in the user contacting the developers or doing something else, |
| 10 |
>> but it is hard to know. |
| 11 |
>I'm dropping the rest of your email about about exactly which hashes |
| 12 |
>we're bike-shedding, to focus on the number of hashes. |
| 13 |
> |
| 14 |
>I agree with your opinion to have three hashes present, and I've give a |
| 15 |
>solid rationale with historical references. |
| 16 |
> |
| 17 |
>The major reason to have 3 hashes, is as a tie-breaker, to detect if |
| 18 |
>there was a bug in the hash somehow (implementation, |
| 19 |
>compiler/assembler, |
| 20 |
>interpreter), and not the distfile. This also strongly suggests that 3 |
| 21 |
>hashes should have different construction. |
| 22 |
|
| 23 |
1. How are you planning to distinguish a successful attack against two hashes from a bug in one of them? |
| 24 |
|
| 25 |
2. Even if you do, what's the value of knowing that? |
| 26 |
|
| 27 |
> |
| 28 |
>It's come up enough times in Gentoo history already. Here's 3 of the |
| 29 |
>instances that came to mind and I could link up with bugs easily. I |
| 30 |
>also |
| 31 |
>recall an instance where the entire SHA2 family was bitten by a buggy |
| 32 |
>arch-specific (mips? arm?) GCC patch, but I can't the bug for it. |
| 33 |
> |
| 34 |
>2006: https://bugs.gentoo.org/121182 |
| 35 |
>pycrypto RMD160 on ia64 (and many other 64bit arches) |
| 36 |
>(it also had a big cleanup for the tree as a result: |
| 37 |
>https://bugs.gentoo.org/121124) |
| 38 |
> |
| 39 |
>2009: https://bugs.gentoo.org/255131 |
| 40 |
>app-crypt/mhash-0.9.9 segfaults with NULL digest in whirlpool/snefru |
| 41 |
>(portage uses python-mhash bindings) |
| 42 |
|
| 43 |
How is this one relevant? AFAICS it did not cause wrong result. |
| 44 |
|
| 45 |
> |
| 46 |
>2012: https://bugs.gentoo.org/406407 |
| 47 |
>sys-apps/portage-2.1.10.49: internal version of whirlpool algorithm |
| 48 |
>generates wrong hash |
| 49 |
> |
| 50 |
>Since we're going to much newer hashes, I think there is a non-zero |
| 51 |
>chance we WILL hit errors in the hashes again, and it would be wise to |
| 52 |
>cover the bases. |
| 53 |
> |
| 54 |
>This ends up probably looking like: SHA512, BLAKE2B, SHA3_512 |
| 55 |
|
| 56 |
|
| 57 |
-- |
| 58 |
Best regards, |
| 59 |
Michał Górny (by phone) |
Archives