On 7/24/2021 11:16, Michał Górny wrote: > Hi, everyone. > > I've been asked to repost the idea of removing SHA512 hash from > Manifests, effectively limiting them to BLAKE2B. > > The 'old' set of Gentoo hashes including SHA512 went live in July 2012. > In November 2017, we have decided to remove the two other hashes and add > BLAKE2B in their stead. Today, all Gentoo packages are using BLAKE2B > and SHA512 hashes. > > To all extent, this is purely a cosmetic change. The benefit from > removing the additional hash is negligible, both from space perspective > and hashing speed perspective. The benefit from keeping two hashes is > also negligible. > > Back during the 2017 discussion, Infra came to the conclusion that we're > going to keep SHA512 for a transition period, then remove it, and stay > with a single hash algorithm. In my opinion, we have kept it long > enough. > > WDYT?
Are there any security benefits/consequences of keeping two/one? If no to consequences, then I don't see a problem dropping SHA512. And are we looking at BLAKE3 hash support at all for the future? I know that algo is fairly new (Jan 2020). A quick read indicates it merges a number of the BLAKE2 variants together and is faster in some areas of execution. -- Joshua Kinard Gentoo/MIPS ku...@gentoo.org rsa6144/5C63F4E3F5C6C943 2015-04-27 177C 1972 1FB8 F254 BAD0 3E72 5C63 F4E3 F5C6 C943 "The past tempts us, the present confuses us, the future frightens us. And our lives slip away, moment by moment, lost in that vast, terrible in-between." --Emperor Turhan, Centauri Republic
