Hi Ulrich,

On Wed, Apr 6, 2022 at 6:38 PM Ulrich Mueller <u...@gentoo.org> wrote:
> > Why? Then we're dependent on two things, either of which could break,
> > rather than one.
>
> See? If either of these should happen, then we'll be happy that we still
> have both hashes in our Manifest files.
>
> OTOH, if that argument is not relevant because the probability of both
> is close to zero, then (from a security POV) it doesn't matter which of
> the two hashes we remove.

No, you're still missing the point. If SHA-512 breaks, the security of
the system fails, regardless of what change we make. This is because
GnuPG uses SHA-512 for its signatures.

So I'll spell out the different possibilities:

1) GPG uses SHA-512. Manifest uses SHA-512 and BLAKE2b.
1a) Possibility: SHA-512 is broken. Result: system broken.
1b) Possibility: BLAKE2b is broken. Result: nothing.

2) GPG uses SHA-512. Manifest uses SHA-512.
2a) Possibility: SHA-512 is broken. Result: system broken.
2b) Possibility: BLAKE2b is broken. Result: nothing.

3) GPG uses SHA-512. Manifest uses BLAKE2b.
3a) Possibility: SHA-512 is broken. Result: system broken.
3b) Possibility: BLAKE2b is broken. Result: system broken.

See how from a security perspective, (2) is not worse than (1), but (3)
is worse than both (1) and (2)?

Jason
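
The case analysis in the message above, written as a small trust-chain model. This is an added example, not part of the original e-mail or of any Gentoo tooling; the function names and the meaning given to "broken" (an attacker can produce a different input with the same digest) are assumptions of the sketch.

```python
from itertools import product

SIG_HASH = "SHA512"  # per the message: GnuPG signs the Manifest using SHA-512

# The three configurations, keyed by the message's own numbering.
CONFIGS = {
    "1": {"SHA512", "BLAKE2B"},
    "2": {"SHA512"},
    "3": {"BLAKE2B"},
}

def attacker_paths(manifest_hashes, broken, sig_hash=SIG_HASH):
    """Return the ways a tampered file could still pass verification.

    Assumption: a hash in `broken` lets an attacker produce a different
    input with the same digest. The extra cost of matching several
    digests at once is ignored.
    """
    paths = []
    # Path A: replace the Manifest itself while the signature still verifies.
    if sig_hash in broken:
        paths.append("forge-manifest")
    # Path B: keep the signed Manifest and replace a file. Every listed
    # digest must still match, so every listed hash has to be broken.
    if manifest_hashes and manifest_hashes <= broken:
        paths.append("swap-file")
    return paths

def system_broken(manifest_hashes, broken, sig_hash=SIG_HASH):
    return bool(attacker_paths(manifest_hashes, broken, sig_hash))

def outcome_table():
    """Map (configuration, broken hash) -> True if the system is broken."""
    return {
        (cfg, h): system_broken(hashes, {h})
        for (cfg, hashes), h in product(CONFIGS.items(), ("SHA512", "BLAKE2B"))
    }

if __name__ == "__main__":
    for (cfg, h), bad in sorted(outcome_table().items()):
        print(f"config {cfg}, {h} broken -> {'system broken' if bad else 'nothing'}")
```

Passing a different `sig_hash` shows how the table shifts when the signature digest is not one of the Manifest hashes.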