Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-20 Thread Jason A. Donenfeld
Hi Robin, On Wed, Apr 06, 2022 at 05:31:09PM +, Robin H. Johnson wrote: > On Wed, Apr 06, 2022 at 07:06:30PM +0200, Jason A. Donenfeld wrote: > > No, you're still missing the point. > > > > If SHA-512 breaks, the security of the system fails, regardless of > > what change we make. This is

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-20 Thread Jason A. Donenfeld
Hey Robin, Sorry for the delay in getting back to you. As mentioned on IRC, both of your messages bounced earlier, and I was at a conference all last week. Catching up with this thread now... On Wed, Apr 06, 2022 at 05:23:25PM +, Robin H. Johnson wrote: > On Wed, Apr 06, 2022 at 02:15:02AM

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-19 Thread Robin H. Johnson
On Wed, Apr 06, 2022 at 05:23:25PM +, Robin H. Johnson wrote: > On Wed, Apr 06, 2022 at 02:15:02AM +0200, Jason A. Donenfeld wrote: > > 2) Comparability: other distros use SHA2-512, as well as various > > upstreams, which means we can compare our hashes to theirs easily. > Can we expand on

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-12 Thread Mike Gilbert
On Mon, Apr 11, 2022 at 7:14 PM Joshua Kinard wrote: > > On 4/5/2022 17:49, Jason A. Donenfeld wrote: > > Hi Matt, > > > > On Tue, Apr 5, 2022 at 10:38 PM Matt Turner wrote: > >> > >> On Tue, Apr 5, 2022 at 12:30 PM Jason A. Donenfeld > >> wrote: > >>> By the way, we're not currently

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-11 Thread Joshua Kinard
On 4/5/2022 17:49, Jason A. Donenfeld wrote: > Hi Matt, > > On Tue, Apr 5, 2022 at 10:38 PM Matt Turner wrote: >> >> On Tue, Apr 5, 2022 at 12:30 PM Jason A. Donenfeld wrote: >>> By the way, we're not currently _checking_ two hash functions during >>> src_prepare(), are we? >> >> I don't know,

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-07 Thread Marek Szuba
On 2022-04-06 19:34, Rich Freeman wrote: This is one of those low cost, low risk, high reward situations IMO. *puts on Council hat* The above pretty much covers my own opinion on the subject. -- Marecki

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-06 Thread Rich Freeman
On Wed, Apr 6, 2022 at 1:29 PM Jason A. Donenfeld wrote: > > Sort of. The security between infra and users relies on SHA2-512. The > security between devs and infra relies on SHA-1. I guess the "full > system" depends on both, but I've been focused on the more likely > issue of a community-run

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-06 Thread Ulrich Mueller
> On Wed, 06 Apr 2022, Jason A Donenfeld wrote: > So I'll spell out the different possibilities: > 1) GPG uses SHA-512. Manifest uses SHA-512 and BLAKE2b. > 1a) Possibility: SHA-512 is broken. Result: system broken. > 1b) Possibility: BLAKE2b is broken. Result: nothing. > 2) GPG uses

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-06 Thread Robin H. Johnson
On Wed, Apr 06, 2022 at 07:06:30PM +0200, Jason A. Donenfeld wrote: > No, you're still missing the point. > > If SHA-512 breaks, the security of the system fails, regardless of > what change we make. This is because GnuPG uses SHA-512 for its > signatures. Question directly for you Jason, because

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-06 Thread Jason A. Donenfeld
Hi Rich, On 4/6/22, Rich Freeman wrote: > On Tue, Apr 5, 2022 at 8:05 PM Sam James wrote: > Our security fails currently if EITHER SHA2-512 or a hardened version > of SHA-1 are defeated. Our top gpg signature is bound to a git commit > record by SHA2-512, and the git commit record is bound to

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-06 Thread Robin H. Johnson
On Wed, Apr 06, 2022 at 02:15:02AM +0200, Jason A. Donenfeld wrote: > 2) Comparability: other distros use SHA2-512, as well as various > upstreams, which means we can compare our hashes to theirs easily. Can we expand on this specific thread for a moment? I was the author of GLEP59 about changing

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-06 Thread Jason A. Donenfeld
Hi Ulrich, On Wed, Apr 6, 2022 at 6:38 PM Ulrich Mueller wrote: > > Why? Then we're dependent on two things, either of which could break, > > rather than one. > > See? If either of these should happen, then we'll be happy that we still > have both hashes in our Manifest files. > > OTOH, if that

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-06 Thread Ulrich Mueller
> On Wed, 06 Apr 2022, Jason A Donenfeld wrote: > Why? Then we're dependent on two things, either of which could break, > rather than one. See? If either of these should happen, then we'll be happy that we still have both hashes in our Manifest files. OTOH, if that argument is not relevant

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-06 Thread Jason A. Donenfeld
Hi Ulrich, On 4/6/22, Ulrich Mueller wrote: >> On Wed, 06 Apr 2022, Jason A Donenfeld wrote: > >> I think actually the argument I'm making this time might be subtly >> different from the motions that folks went through last year. >> Specifically, the idea last year was to switch to using

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-05 Thread Ulrich Mueller
> On Wed, 06 Apr 2022, Jason A Donenfeld wrote: > I think actually the argument I'm making this time might be subtly > different from the motions that folks went through last year. > Specifically, the idea last year was to switch to using BLAKE2b only. > I think what the arguments I'm making

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-05 Thread Rich Freeman
On Tue, Apr 5, 2022 at 8:05 PM Sam James wrote: > > On 5 Apr 2022, at 22:13, Jonas Stein wrote: > > > >> In other words, what are we actually getting by having _both_ SHA2-512 > >> and BLAKE2b for every file in every Manifest? > > > > Implementations are often broken and we have to expect zero

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-05 Thread Sam James
> On 6 Apr 2022, at 01:15, Jason A. Donenfeld wrote: > > Hi Sam, > > On Wed, Apr 6, 2022 at 2:02 AM Sam James wrote: >> This matches my views and recollection. We could revisit it >> if there was a passionate advocate (which it looks like there may well be). >> >> While I wasn't against it

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-05 Thread Jason A. Donenfeld
Hi Sam, On Wed, Apr 6, 2022 at 2:02 AM Sam James wrote: > This matches my views and recollection. We could revisit it > if there was a passionate advocate (which it looks like there may well be). > > While I wasn't against it before, I was sort of ambivalent given > we had no strong reason to,

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-05 Thread Sam James
> On 5 Apr 2022, at 22:13, Jonas Stein wrote: > > Hi > >> I'd like to propose the following for portage: >> - Only support one "secure" hash function (such as sha2, sha3, blake2, etc) >> - Only generate and parse one hash function in Manifest files >> - Remove support for multiple hash

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-05 Thread Jason A. Donenfeld
Hi Matt, On Tue, Apr 5, 2022 at 10:38 PM Matt Turner wrote: > > On Tue, Apr 5, 2022 at 12:30 PM Jason A. Donenfeld wrote: > > By the way, we're not currently _checking_ two hash functions during > > src_prepare(), are we? > > I don't know, but the hash-checking is definitely checked before >

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-05 Thread Jason A. Donenfeld
Hi Jonas, On Tue, Apr 5, 2022 at 11:20 PM Jonas Stein wrote: > > In other words, what are we actually getting by having _both_ SHA2-512 > > and BLAKE2b for every file in every Manifest? > > Implementations are often broken and we have to expect zero day attacks > on hashes and on signatures.

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-05 Thread Jason A. Donenfeld
Hi Ulrich, On Tue, Apr 5, 2022 at 10:15 PM Ulrich Mueller wrote: > > > On Tue, 05 Apr 2022, Jason A Donenfeld wrote: > > > Huh. Something not brought up there or https://bugs.gentoo.org/784710 > > is the fact that the _security_ of the system reduces to SHA-512 as > > used by our GPG

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-05 Thread Jonas Stein
Hi I'd like to propose the following for portage: - Only support one "secure" hash function (such as sha2, sha3, blake2, etc) - Only generate and parse one hash function in Manifest files - Remove support for multiple hash functions No, this has no benefit. In other words, what are we

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-05 Thread Matt Turner
On Tue, Apr 5, 2022 at 12:30 PM Jason A. Donenfeld wrote: > By the way, we're not currently _checking_ two hash functions during > src_prepare(), are we? I don't know, but the hash-checking is definitely checked before src_prepare().

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-05 Thread Ulrich Mueller
> On Tue, 05 Apr 2022, Jason A Donenfeld wrote: > Huh. Something not brought up there or https://bugs.gentoo.org/784710 > is the fact that the _security_ of the system reduces to SHA-512 as > used by our GPG signatures. The hash algorithm would be the least of my concerns about the security

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-05 Thread Jason A. Donenfeld
Hi Matt, On Tue, Apr 5, 2022 at 8:58 PM Matt Turner wrote: > This was a topic in June 2021's Council meeting: > > https://gitweb.gentoo.org/sites/projects/council.git/tree/meeting-logs/20210613-summary.txt#n33 >

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-05 Thread Matt Turner
On Tue, Apr 5, 2022 at 11:47 AM Jason A. Donenfeld wrote: > > Hi Michal, > > On Tue, Apr 05, 2022 at 02:49:12PM +, Michał Górny wrote: > > > I don't really care which one we use, so long as it's not already > > > broken or too obscure/new. So in other words, any one of SHA2-256, > > >

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-05 Thread Jason A. Donenfeld
Hi Michal, On Tue, Apr 05, 2022 at 02:49:12PM +, Michał Górny wrote: > > I don't really care which one we use, so long as it's not already > > broken or too obscure/new. So in other words, any one of SHA2-256, > > SHA2-512, SHA3, BLAKE2b, BLAKE2s would be fine with me. Can we just > > pick

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-05 Thread Michał Górny
On Tue, 2022-04-05 at 01:41 +0200, Jason A. Donenfeld wrote: > Hi, > > I'd like to propose the following for portage: > > - Only support one "secure" hash function (such as sha2, sha3, blake2, etc) > - Only generate and parse one hash function in Manifest files > - Remove support for multiple

Re: [gentoo-dev] proposal: use only one hash function in manifest files

2022-04-04 Thread John Helmert III
I don't really have any strong opinion, but I'll note this was discussed here last year, too: https://archives.gentoo.org/gentoo-dev/message/a51ef62765b577dccfde67d5d2d727ae On Tue, Apr 05, 2022 at 01:41:50AM +0200, Jason A. Donenfeld wrote: > Hi, > > I'd like to propose the following for