On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey <[email protected]> wrote:
> On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck <[email protected]> wrote:
>
>> On Thu, 19 Oct 2017 21:08:40 +0200
>> Michał Górny <[email protected]> wrote:
>>
>> > manifest-hashes = SHA512 SHA3_512
>>
>> Counterproposal: Just use SHA512.
>>
>> There isn't any evidence that any SHA2-based hash algorithm is going to
>> be broken any time soon. If that changes there will very likely be
>> decades of warning before a break becomes practical.
>>
>> Having just one hash is simpler and using a well supported one like
>> SHA512 may make things easier than using something that's still not
>> very widely supported.
>
>
> Yet having more than one lets you make sure nobody hijacked your
> manifest file when an attack vector is inevitably discovered for the old
> new algorithm (whether SHA2, SHA3, or BLAKE2), because you'll be able to
> confirm the file is the same one that matched the old checksum in addition
> to the new one.
>

Would it make sense then to support several hashes but let the user
optionally turn off the verification of some of them, depending on the
user's security vs. performance requirements?

--
Anton
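An added illustration of the two positions in this thread (example code written for this page, not Portage's Manifest code): a small verifier for a DIST-style line carrying several hashes, with a user-chosen set of hashes that must match and an optional "verify everything listed" mode. The entry layout (`DIST name size LABEL hex ...`), the sample file contents and the forged entry are all constructed here; the forged SHA512 field simply stands in for a hypothetical future break of that algorithm, so the sample shows why a second hash catches the swap while verifying only the broken one does not.

```python
import hashlib
import hmac

# Manifest-style hash labels, as used in the thread, mapped to hashlib names.
HASH_ALGOS = {"SHA512": "sha512", "SHA3_512": "sha3_512", "BLAKE2B": "blake2b"}


def digest(data: bytes, label: str) -> str:
    """Hex digest of `data` under the Manifest label `label`."""
    return hashlib.new(HASH_ALGOS[label], data).hexdigest()


def make_entry(name: str, data: bytes, labels) -> str:
    """Build a constructed DIST line: name, size, then (label, hexdigest) pairs."""
    fields = ["DIST", name, str(len(data))]
    for label in labels:
        fields += [label, digest(data, label)]
    return " ".join(fields)


def parse_entry(line: str):
    """Split a DIST line into (name, size, {label: hexdigest})."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "DIST" or (len(parts) - 3) % 2:
        raise ValueError("malformed DIST entry")
    return parts[1], int(parts[2]), dict(zip(parts[3::2], parts[4::2]))


def verify(line: str, data: bytes, check=("SHA512",), check_all=False):
    """Verify `data` against a DIST line.

    check:     labels the user insists on; each must be present and match.
    check_all: if True, also verify every other hash the entry carries
               (maximum assurance); if False, only `check` is computed
               (the security vs. performance knob suggested in the thread).
    Returns (ok, labels_verified).
    """
    _, size, hashes = parse_entry(line)
    if len(data) != size:
        return False, []
    if any(label not in hashes for label in check):
        return False, []
    labels = list(hashes) if check_all else list(check)
    verified = []
    for label in labels:
        if label not in HASH_ALGOS:
            return False, verified  # unknown algorithm: cannot vouch for it
        if not hmac.compare_digest(hashes[label], digest(data, label)):
            return False, verified
        verified.append(label)
    return True, verified


# Constructed sample: a genuine distfile and its two-hash Manifest entry.
GOOD = b"genuine tarball contents\n"
ENTRY = make_entry("foo-1.0.tar.gz", GOOD, ["SHA512", "SHA3_512"])

# Constructed "what if SHA512 fell" scenario: a same-sized substitute file whose
# SHA512 field is forged into the entry (standing in for a hypothetical future
# collision or preimage), while the SHA3_512 field is left as it was.
EVIL = b"tampered tarball content\n"
FORGED = ENTRY.replace(digest(GOOD, "SHA512"), digest(EVIL, "SHA512"))


def demo():
    """Run the verifier over the genuine and forged cases."""
    return {
        "good_one_hash": verify(ENTRY, GOOD),
        "good_all": verify(ENTRY, GOOD, check_all=True),
        "forged_one_hash": verify(FORGED, EVIL),             # fooled
        "forged_all": verify(FORGED, EVIL, check_all=True),  # caught
        "forged_both_required": verify(FORGED, EVIL, check=("SHA512", "SHA3_512")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Checking only SHA512 accepts the forged entry, while either `check_all=True` or listing SHA3_512 among the required hashes rejects it, which is the point Gordon makes; the `check` tuple is the user-side switch Anton asks about. Hashes are compared with `hmac.compare_digest` rather than `==` so the verifier does not leak how many leading characters matched.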
