On Mon, Apr 3, 2017 at 7:09 PM, Michał Górny <mgo...@gentoo.org> wrote:
> Your thoughts?

This seems pretty hasty.

First of all, SHA-256 should be safe for all intents and purposes, and for the foreseeable future. This is nothing like Git's usage of SHA-1, which was known to be on the way to brokenville for a long time. I don't think there is a solid reason for deprecating it now.

Second, the amount of diversity proposed does not make sense. If asked, I would propose we keep SHA-256 as one of the options and additionally add a SHA3 variant and a BLAKE2 variant as other options. This would provide more than enough diversity. Also totally agreed with Vadim on the obscurity of the GOST algorithms. But, this is the kind of thing where we really should get input from the Security project, so we should get people like Hanno and Kristian involved.

Third, I don't much trust the security record of the python libraries mentioned. cryptography is the best Python library for crypto by far, and I think we should use it exclusively for anything Python doesn't provide in the stdlib. The PyCrypto security record is not exactly stellar IIRC, and since pycryptodome is a fork of it, I don't trust it that much, either.

But mainly, please, I think we should leave the security-sensitive decisions to people with more security expertise.

Cheers,

Dirkjan
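The three-algorithm set argued for above (SHA-256 plus a SHA3 and a BLAKE2 variant) is available from Python's standard library alone, without any of the third-party packages discussed. The following is an added example, not code from the thread or from Gentoo's tooling: it records the three digests for a blob and accepts the blob only if every recorded digest still matches, which is the property that makes hash diversity worth having. The label names and the simplified entry layout are assumptions for illustration, not the Manifest format.

```python
import hashlib

# Algorithms mentioned in the thread, mapped to their hashlib names.
# Labels are assumed for this example, not any real Manifest keyword.
ALGORITHMS = {
    "SHA256": "sha256",
    "SHA3_256": "sha3_256",
    "BLAKE2B": "blake2b",
}


def digests(data: bytes) -> dict:
    """Return {label: hex digest} of `data` for every algorithm in ALGORITHMS."""
    return {label: hashlib.new(name, data).hexdigest()
            for label, name in ALGORITHMS.items()}


def verify(data: bytes, expected: dict) -> bool:
    """Accept `data` only if every recorded digest matches.

    An attacker who can collide one algorithm still fails here, because
    the other recorded digests are checked too. A missing, unknown or
    mismatched entry is a failure; an empty record is never accepted.
    """
    if not expected:
        return False
    actual = digests(data)
    ok = True
    for label, value in expected.items():
        # Keep checking every entry rather than short-circuiting, so the
        # result does not depend on which entry fails first.
        if actual.get(label) != value.lower():
            ok = False
    return ok


if __name__ == "__main__":
    # Constructed sample blob standing in for a distfile.
    blob = b"DIST example-1.0.tar.gz (constructed sample contents)\n"
    record = digests(blob)
    print("recorded:", record)
    print("untouched verifies:", verify(blob, record))
    print("tampered verifies:", verify(blob + b"x", record))
```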