To move things forward with something more concrete: On 4/5/22, Jason A. Donenfeld <zx...@gentoo.org> wrote: > Hi, > > I'd like to propose the following for portage: > > - Only support one "secure" hash function (such as sha2, sha3, blake2, etc) > - Only generate and parse one hash function in Manifest files > - Remove support for multiple hash functions > > [...] > I don't really care which one we use, so long as it's not already > broken or too obscure/new. So in other words, any one of SHA2-256, > SHA2-512, SHA3, BLAKE2b, BLAKE2s would be fine with me. Can we just > pick one and roll with it?
As you might have realized from my work on other projects, I like BLAKE2 a lot. However, I think there are two strong reasons for going with SHA512 exclusively here: - GPG signatures are already over the SHA512 of the plain text, so they security of the system already reduces to that. By choosing SHA512, we don't add more risk, whilst choosing something else means we're in trouble if either one has a problem. - Other package managers use SHA512 in their recipes, so it makes it easier to compare tarball checksums. The principle advantage of BLAKE2b is 64-bit speed, but SHA512 performs okay enough in that regard anyway. Therefore, to amend my proposal: - Use SHA512 as the Manifest hash. Any objections? Jason
