>>>>> On Wed, 06 Apr 2022, Jason A Donenfeld wrote:

> So I'll spell out the different possibilities:
>
> 1) GPG uses SHA-512. Manifest uses SHA-512 and BLAKE2b.
> 1a) Possibility: SHA-512 is broken. Result: system broken.
> 1b) Possibility: BLAKE2b is broken. Result: nothing.
>
> 2) GPG uses SHA-512. Manifest uses SHA-512.
> 2a) Possibility: SHA-512 is broken. Result: system broken.
> 2b) Possibility: BLAKE2b is broken. Result: nothing.
>
> 3) GPG uses SHA-512. Manifest uses BLAKE2b.
> 3a) Possibility: SHA-512 is broken. Result: system broken.
> 3b) Possibility: BLAKE2b is broken. Result: system broken.
>
> See how from a security perspective, (2) is not worse than (1), but
> (3) is worse than both (1) and (2)?

No it isn't. We can replace the top-level signature easily, but
replacing all Manifest hashes in the tree is hard (i.e. 1a and 3a are
trivial to fix, but 2a and 3b aren't).

I've said this multiple times now, so I'm out of here.

Ulrich