Hi,

On Mon, 3 Apr 2017 22:00:15 +0200 Dirkjan Ochtman <d...@gentoo.org> wrote:

> First of all, SHA-256 should be safe for all intents and purposes, and
> for the foreseeable future. This is nothing like Git's usage of SHA-1,
> which was known to be on the way to brokenville for a long time. I
> don't think there is a solid reason for deprecating it now.
>
> Second, the amount of diversity proposed does not make sense. If
> asked, I would propose we keep SHA-256 as one of the options and
> additionally add a SHA3 variant and a BLAKE2 variant as other options.
> This would provide more than enough diversity. Also totally agreed
> with Vadim on the obscurity of the GOST algorithms.
>
> But, this is the kind of thing where we really should get input from
> the Security project, so we should get people like Hanno and Kristian
> involved.

As you specifically asked for my opinion: I think there's no reason to doubt the security of any of the sha2 hashes (including sha256), any of sha3 or blake2 for the foreseeable future. (That means counting in many decades - there isn't even a shred of evidence sha256 is going to be broken any time soon.)

There's no point in deprecating anything. I find it unnecessary to introduce additional complexity here and adding obscurity algorithms like gost sounds really bizarre and unnecessary. I'd recommend against introducing anything that requires unusual dependencies.

If anything I'd propose to just change to a single hash functio

-- 
Hanno Böck
https://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
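As an added illustration of the "diversity" point argued above (not code from the thread or from any Gentoo tool), the following Python check verifies a file against every digest listed for it, restricted to the SHA-2, SHA-3 and BLAKE2 families the participants consider safe; the algorithm-name table and the expected-digest dictionary format are assumptions made for this example. Listing several independent hash functions only helps if a verifier rejects on any mismatch, since then a forgery would need to collide under all of them at once.

```python
import hashlib
import hmac

# Constructed mapping of manifest-style algorithm names to hashlib names.
# Only the families discussed in the thread are accepted; anything else
# (e.g. a GOST entry) is treated as an unsupported algorithm.
SUPPORTED = {
    "SHA256": "sha256",
    "SHA3_256": "sha3_256",
    "BLAKE2B": "blake2b",
}


def digests(data: bytes) -> dict:
    """Compute every supported digest of data, keyed by manifest-style name."""
    return {name: hashlib.new(alg, data).hexdigest()
            for name, alg in SUPPORTED.items()}


def verify(data: bytes, expected: dict) -> bool:
    """Return True only if data matches every digest in expected.

    expected maps algorithm names (as in SUPPORTED) to hex digests.
    An empty expected dict is rejected: a file with no digests at all
    is unverified, not verified. An unknown algorithm name raises
    ValueError rather than being silently skipped, so a manifest that
    relies on something the verifier cannot compute is not treated
    as partially checked.
    """
    if not expected:
        return False
    unknown = set(expected) - set(SUPPORTED)
    if unknown:
        raise ValueError("unsupported hash algorithm(s): %s"
                         % ", ".join(sorted(unknown)))
    ok = True
    for name, want in expected.items():
        got = hashlib.new(SUPPORTED[name], data).hexdigest()
        # Constant-time comparison; keep looping so every digest is checked.
        if not hmac.compare_digest(got, want.lower()):
            ok = False
    return ok


if __name__ == "__main__":
    sample = b"constructed sample file contents\n"  # constructed input
    recorded = digests(sample)
    print("all digests match:", verify(sample, recorded))
    print("tampered file:", verify(sample + b"x", recorded))
```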