Hi, everyone.

The previous discussion on Manifest2 hashes pretty much died away
pending fixes to Portage. Since Portage was fixed a while ago, and we
can now safely switch, I'd like to reboot the discussion before
submitting the item for the next Council meeting.

Considering all arguments made so far, I'd like to propose changing:

  manifest-hashes = SHA256 SHA512 WHIRLPOOL

to:

  manifest-hashes = SHA512 SHA3_512

In other words, removing SHA256 and WHIRLPOOL, and adding SHA3_512.


Rationale
---------

1. The main argument for using multiple hashes is to prevent the (very
unlikely) possibility that if a weakness is discovered in one of
the hashes, the other would still hold. This is given by using two
algorithms; more than two do not increase security significantly, while
they do increase performance cost.

2. For the above to hold, the hashes should be diverse. SHA256
and SHA512 are the same algorithm, so a weakness discovered in either
would probably apply to both -- keeping both does not make sense at all.
Furthermore, both SHA2 and WHIRLPOOL use the same construct (MD), so
a weakness in the construct would apply to both.

3. Keeping one of the three old hashes is necessary for compatibility
reasons. Furthermore, the current versions of Portage consider SHA512
obligatory, so we can't remove it without redesigning Portage first
(though I think this applies only to developer installs, i.e. those
creating Manifests).

4. The new hashes that are stronger and commonly available are
SHA3/Keccak (using sponges) and BLAKE2 (HAIFA). Both are diverse from
our current algorithms, so either is a good candidate. The choice of
Keccak is purely arbitrary (because it's the winner?).

All the above considered, I think it's most reasonable to use two hashes
with diverse constructs. SHA512 needs to be one of them, for
compatibility reasons. The other could be either SHA3_512 or BLAKE2B,
as a strong, future-proof hash. SHA3 is probably a better choice because
it's going to have more support as the official recommendation.

-- 
Best regards,
Michał Górny
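
An added example, not part of the original message and not Portage code: it computes the two proposed hashes (SHA512 and SHA3_512) in a single pass over the data and accepts a Manifest entry only when both are present and both match, so a forged match in one hash alone is still rejected. It assumes the Manifest2 entry layout `DIST <name> <size> <HASH> <value> ...`; the file name and contents are constructed sample input.

```python
import hashlib

# manifest-hashes names mapped to hashlib algorithm names.
HASHLIB_NAMES = {"SHA512": "sha512", "SHA3_512": "sha3_512"}
REQUIRED = ("SHA512", "SHA3_512")  # the value proposed in the message


def digest_all(chunks):
    """Feed each chunk to every required hash in one pass over the data."""
    states = {n: hashlib.new(HASHLIB_NAMES[n]) for n in REQUIRED}
    size = 0
    for chunk in chunks:
        size += len(chunk)
        for state in states.values():
            state.update(chunk)
    return size, {n: s.hexdigest() for n, s in states.items()}


def make_entry(filename, chunks):
    """Build a DIST line (assumed layout: DIST name size HASH value ...)."""
    size, digests = digest_all(chunks)
    fields = ["DIST", filename, str(size)]
    for name in REQUIRED:
        fields += [name, digests[name]]
    return " ".join(fields)


def verify_entry(line, chunks):
    """Return (ok, reason); every required hash must be present and match."""
    fields = line.split()
    if len(fields) < 3 or fields[0] != "DIST" or len(fields) % 2 == 0:
        return False, "malformed entry"
    recorded = dict(zip(fields[3::2], fields[4::2]))
    missing = [n for n in REQUIRED if n not in recorded]
    if missing:
        return False, "missing " + ",".join(missing)
    size, actual = digest_all(chunks)
    if fields[2] != str(size):
        return False, "size mismatch"
    for name in REQUIRED:
        if recorded[name].lower() != actual[name]:
            return False, name + " mismatch"
    return True, "ok"


if __name__ == "__main__":
    data = [b"constructed ", b"distfile bytes"]  # constructed sample input
    entry = make_entry("example-1.0.tar.gz", data)
    print(entry)
    print(verify_entry(entry, data))
```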

