Hi, everyone. The previous discussion on Manifest2 hashes pretty much died away pending fixes to Portage. Since Portage was fixed a while ago, and we can now safely switch, I'd like to reboot the discussion before submitting the item for the next Council meeting.
Considering all arguments made so far, I'd like to propose changing: manifest-hashes = SHA256 SHA512 WHIRLPOOL to: manifest-hashes = SHA512 SHA3_512 In other words, removing SHA256 and WHIRLPOOL, and adding SHA3_512. Rationale --------- 1. The main argument for using multiple hashes is to prevent the (very unlikely) possibility that if a weakness is discovered in one of the hashes, the other would still hold. This is given by using two algorithms; more than two do not increase security significantly, while they do increase performance cost. 2. For the above to hold, the hashes should be diverse. SHA256 and SHA512 are the same algorithm, so a weakness discovered in either would probably apply to both -- keeping both does not make sense at all. Furthermore, both SHA2 and WHIRLPOOL use the same construct (MD), so a weakness in the construct would apply to both. 3. Keeping one of the three old hashes is necessary for compatibility reasons. Furthermore, the current versions of Portage consider SHA512 obligatory, so we can't remove it without redesigning Portage first (though I think this applies only to developer installs, i.e. those creating Manifests). 4. The new hashes that are stronger and commonly available are SHA3/Keccak (using sponges) and BLAKE2 (HAIFA). Both are diverse from our current algorithms, so either is a good candidate. The choice of Keccak is purely arbitrary (because it's the winner?). All the above considered, I think it's most reasonable to use two hashes with diverse constructs. SHA512 needs to be one of them, for compatibility reasons. The other could be either SHA3_512 or BLAKE2B, as a strong, future-proof hash. SHA3 is probably a better choice because it's going to have more support as the official recommendation. -- Best regards, Michał Górny