On Sat, Oct 21, 2017 at 12:12 PM, R0b0t1 <r03...@gmail.com> wrote:
> On Sat, Oct 21, 2017 at 11:26 AM, Robin H. Johnson <robb...@gentoo.org> wrote:
>> On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote:
>>> I would like to present my suggestions:
>>>
>>> SHA512, (RIPEMD160 | WHIRLPOOL | BLAKE2B), (SHA3_512 | BLAKE2B);
>>>
>>> or more definitively:
>>>
>>> SHA512, RIPEMD160, BLAKE2B.
>> Please do NOT reintroduce RIPEMD160. It was one of the older Portage
>> hashes prior to implementation of GLEP059, and was removed because it
>> was shown to fall to parts of the same attacks at MD4/MD5 by Wang's
>> paper in 2004.
>>
>> Wang, X. et al. (2004). "Collisions for Hash Functions MD4, MD5,
>> HAVAL-128 and RIPEMD", rump session, CRYPTO 2004, Cryptology ePrint
>> Archive, Report 2004/199, first version (August 16, 2004), second
>> version (August 17, 2004). Available online from:
>> http://eprint.iacr.org/2004/199.pdf
>>
>

Also important is that the existence of a constructed collision is not
necessarily an indication that the function is weak for real data.


> Can anyone defend the transition to two hashes, or is it just based on
> speculation?
>

This thread in particular is the worst case of bikeshedding I have
seen on gentoo-dev. No one here is well equipped to evaluate the
cryptographic primitives being discussed[1] but there are still many
strong opinions and unwarranted suggestions.

Respectfully,
     R0b0t1


[1]: In fairness perhaps no one is, as the cryptography of one
particular function takes very intensive study. Most published
algorithms are never studied intently until they are adopted. Still,
people should be justifying any suggestion by referencing real data or
tested deficiencies. Not guessing.
