Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

2017-10-24 Thread Paweł Hajdan , Jr .
On 24/10/2017 06:11, Michał Górny wrote: > W dniu wto, 24.10.2017 o godzinie 06∶04 +0200, użytkownik Michał Górny > napisał: >> Three hashes don't give any noticeable advantage. If we want a diverse >> construct, we take SHA3. SHA3 is slower than SHA2 + BLAKE2 combined, so >> even with 3 threaded c

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

2017-10-24 Thread Chí-Thanh Christopher Nguyễn
Michał Górny schrieb: > Oh, and most notably, the speed loss will be mostly visible to users. > An attacker would have to compute the additional hashes only > if the fastest hash already matched, i.e. rarely. Users will have to > compute them all the time. That is currently the case with portage,

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

2017-10-24 Thread Rich Freeman
On Tue, Oct 24, 2017 at 4:21 AM, Paweł Hajdan, Jr. wrote: > On 24/10/2017 06:11, Michał Górny wrote: >> W dniu wto, 24.10.2017 o godzinie 06∶04 +0200, użytkownik Michał Górny >> napisał: >>> Three hashes don't give any noticeable advantage. If we want a diverse >>> construct, we take SHA3. SHA3 is

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

2017-10-24 Thread Michał Górny
W dniu wto, 24.10.2017 o godzinie 13∶56 +0200, użytkownik Chí-Thanh Christopher Nguyễn napisał: > Michał Górny schrieb: > > Oh, and most notably, the speed loss will be mostly visible to users. > > An attacker would have to compute the additional hashes only > > if the fastest hash already matched,

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

2017-10-24 Thread Allan Wegan
>> That is currently the case with portage, but not an inevitable >> consequence of having 3 hash functions in the Manifest. Portage could >> be made to check only one or two of them (even by default), giving >> the tie-breaking ability to those who need it, and speeding up things >> for those who

Re: [gentoo-dev] [RFC] GLEP 65 v2: Post-install QA checks (now with post-merge checks)

2017-10-24 Thread Michael Orlitzky
On 10/17/2017 02:12 PM, Michał Górny wrote: > > Abstract > > > ... > The QA checks can inspect the installation image or live system respectively, Respective to what? > output and store both user- and machine-oriented QA warning logs, manipulate > the files and abort the install, as n

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: one hash to decide them all

2017-10-24 Thread Robin H. Johnson
On Tue, Oct 24, 2017 at 11:33:39PM +0200, Allan Wegan wrote: > >> That is currently the case with portage, but not an inevitable > >> consequence of having 3 hash functions in the Manifest. Portage could > >> be made to check only one or two of them (even by default), giving > >> the tie-breaking a