On Fri, Oct 20, 2017 at 12:49 AM, Gordon Pettey <petteyg...@gmail.com> wrote:
> On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck <ha...@gentoo.org> wrote:
>
>> On Thu, 19 Oct 2017 21:08:40 +0200
>> Michał Górny <mgo...@gentoo.org> wrote:
>>
>> > manifest-hashes = SHA512 SHA3_512
>>
>> Counterproposal: Just use SHA512.
>>
>> There isn't any evidence that any SHA2-based hash algorithm is going to
>> be broken any time soon. If that changes there will very likely be
>> decades of warning before a break becomes practical.
>>
>> Having just one hash is simpler and using a well supported one like
>> SHA512 may make things easier than using something that's still not
>> very widely supported.
>
>
> Yet having more than one lets you make sure nobody hijacked your
> manifest file when an attack vector is inevitably discovered for the old
> new algorithm (whether SHA2, SHA3, or BLAKE2), because you'll be able to
> confirm the file is the same one that matched the old checksum in addition
> to the new one.
>

As Hanno was saying, we'll have decades of warning before a break becomes
practical, so I don't think this is a real concern.

I think the problem of having this discussion on gentoo-dev this way is that
people with vastly different levels of security/crypto expertise are
discussing different options without much regard for the level of expertise
(and maybe even unaware of others' relevant expertise).

I support Hanno's suggestion of doing just SHA512, but would be interested
in hearing opinions from others who have apparent security/crypto
experience. Maybe the Security project can weigh the suggestions as well?

Cheers,

Dirkjan
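To make the trade-off in the thread concrete, here is an added Python example (not code from the thread and not Portage's own implementation) that builds a Manifest DIST entry carrying both hashes from the proposed `manifest-hashes = SHA512 SHA3_512` setting and then verifies a file against it, demanding that every hash the policy requires is present and that every hash recorded matches. The sample file contents, the file name, and the choice to fail on an unknown hash name are assumptions of this example.

```python
import hashlib

# Hash names as they would appear in a Manifest entry, mapped to hashlib constructors.
# Both algorithms are in the Python standard library (sha3_512 since Python 3.6).
HASH_IMPL = {"SHA512": hashlib.sha512, "SHA3_512": hashlib.sha3_512}


def manifest_entry(name, data, hashes=("SHA512", "SHA3_512")):
    """Build a Manifest2-style line: DIST <name> <size> <HASH> <hex> [<HASH> <hex> ...]."""
    fields = ["DIST", name, str(len(data))]
    for algo in hashes:
        fields += [algo, HASH_IMPL[algo](data).hexdigest()]
    return " ".join(fields)


def verify_entry(line, data, required=("SHA512",)):
    """Return True only if the entry is well formed, the size matches, every hash
    named in `required` is present, and every recorded hash matches `data`.
    Policy choice of this example: an unrecognised hash name counts as a failure."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "DIST" or (len(fields) - 3) % 2:
        return False
    if int(fields[2]) != len(data):
        return False
    recorded = dict(zip(fields[3::2], fields[4::2]))  # name -> hex digest
    if any(algo not in recorded for algo in required):
        return False
    for algo, hexdigest in recorded.items():
        impl = HASH_IMPL.get(algo)
        if impl is None or impl(data).hexdigest() != hexdigest.lower():
            return False
    return True


# Constructed sample distfile, not a real Gentoo distfile.
SAMPLE = b"constructed sample distfile contents\n"
TWO_HASH_LINE = manifest_entry("example-1.0.tar.gz", SAMPLE)
ONE_HASH_LINE = manifest_entry("example-1.0.tar.gz", SAMPLE, hashes=("SHA512",))

if __name__ == "__main__":
    print(TWO_HASH_LINE)
    print("both hashes required, both present:",
          verify_entry(TWO_HASH_LINE, SAMPLE, required=("SHA512", "SHA3_512")))
    print("both hashes required, only SHA512 present:",
          verify_entry(ONE_HASH_LINE, SAMPLE, required=("SHA512", "SHA3_512")))
    print("tampered contents:", verify_entry(TWO_HASH_LINE, SAMPLE + b"x"))
```

With the single-hash policy Hanno proposes, `required=("SHA512",)` accepts either line; with the two-hash policy, an entry that carries only SHA512 is rejected even though its SHA512 digest is correct.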