On Fri, Oct 20, 2017 at 5:42 PM, Anton Molyboha <anton.stay.connected@gmail.com> wrote:

> On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey <[email protected]>
> wrote:
>
>> On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck <[email protected]> wrote:
>>
>>> On Thu, 19 Oct 2017 21:08:40 +0200
>>> Michał Górny <[email protected]> wrote:
>>>
>>> > manifest-hashes = SHA512 SHA3_512
>>>
>>> Counterproposal: Just use SHA512.
>>>
>>> There isn't any evidence that any SHA2-based hash algorithm is going to
>>> be broken any time soon. If that changes there will very likely be
>>> decades of warning before a break becomes practical.
>>>
>>> Having just one hash is simpler and using a well supported one like
>>> SHA512 may make things easier than using something that's still not
>>> very widely supported.
>>
>>
>> Yet having more than one lets you match make sure nobody hijacked your
>> manifest file when an attack vector is inevitably discovered for the old
>> new algorithm (whether SHA2, SHA3, or BLAKE2), because you'll be able to
>> confirm the file is the same one that matched the old checksum in addition
>> to the new one.
>>
>
> Would it make sense then to support several hashes but let the user
> optionally turn off the verification of some of them, depending on the
> user's security vs performance requirements?
>

I would strongly question whether anybody is actually running emerge (or
whatever command that would be using the manifests) on systems that don't
have the CPU power to check a few hashes. If the CPU is really that weak,
there are likely much more important issues to deal with than what
combination of hashing algorithms manifests use. Things like "I should be
using pre-built system images because my CPU is orders of magnitude too slow
to even do dependency tree calculation in less than a decade"...
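
Added example, not part of the original thread and not Portage's code: a sketch of checking one manifest entry against every hash it lists in a single pass over the file, so a second algorithm costs one more update per chunk rather than a second read. The entry layout ("DIST name size HASH hex ..."), the `required` parameter, the helper names and the sample data are assumptions constructed for illustration.

```python
import hashlib

# Hash names from the thread mapped to hashlib constructors (assumed mapping).
HASHES = {"SHA512": hashlib.sha512, "SHA3_512": hashlib.sha3_512,
          "BLAKE2B": hashlib.blake2b}

def make_entry(name, data, algos=("SHA512", "SHA3_512")):
    """Build a constructed manifest line: DIST <name> <size> <HASH> <hex> ..."""
    parts = ["DIST", name, str(len(data))]
    for algo in algos:
        parts += [algo, HASHES[algo](data).hexdigest()]
    return " ".join(parts)

def parse_entry(line):
    """Return (name, size, {hash_name: hexdigest}) for one manifest line."""
    fields = line.split()
    if len(fields) < 5 or len(fields) % 2 == 0:
        raise ValueError("malformed manifest entry")
    return fields[1], int(fields[2]), dict(zip(fields[3::2], fields[4::2]))

def verify(chunks, size, expected, required=("SHA512", "SHA3_512")):
    """Check size and all listed hashes in one pass; return a list of failures."""
    # Refuse entries that silently drop a required hash or name an unknown one.
    problems = [f"missing:{h}" for h in required if h not in expected]
    problems += [f"unsupported:{h}" for h in expected if h not in HASHES]
    if problems:
        return problems
    states = {h: HASHES[h]() for h in expected}
    total = 0
    for chunk in chunks:              # each chunk is read once, fed to every hash
        total += len(chunk)
        for state in states.values():
            state.update(chunk)
    failures = [] if total == size else ["size"]
    failures += [h for h, s in states.items()
                 if s.hexdigest() != expected[h].lower()]
    return failures

# Constructed sample data standing in for a distfile.
SAMPLE = b"constructed distfile contents\n" * 4096
ENTRY = make_entry("example-1.0.tar.gz", SAMPLE)

if __name__ == "__main__":
    name, size, expected = parse_entry(ENTRY)
    print(name, verify([SAMPLE], size, expected) or "OK")
    print(name, verify([SAMPLE[:-1] + b"X"], size, expected))
```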
