Michał Górny posted on Sat, 21 Oct 2017 01:39:55 +0200 as excerpted:
> W dniu pią, 20.10.2017 o godzinie 18∶42 -0400, użytkownik Anton Molyboha
> napisał:
>> Would it make sense then to support several hashes but let the user
>> optionally turn off the verification of some of them, depending on
Blake2 is in coreutils already, provides an excellent security margin, and
is considerably faster than both sha2 and sha3.
On Oct 19, 2017 21:09, "Michał Górny" wrote:
> Hi, everyone.
>
> The previous discussion on Manifest2 hashes pretty much died away
> pending fixes to
On Fri, Oct 20, 2017 at 8:04 AM, Kristian Fiskerstrand wrote:
> On 10/20/2017 11:10 AM, Dirkjan Ochtman wrote:
>>
>> I support Hanno's suggestion of doing just SHA512, but would be
>> interested in hearing opinions from others who have apparent
>> security/crypto experience.
Hello,
I missed some messages in the time I wrote my reply. This also touches
on some of the points in Mr. Górny's other message about time.
On Fri, Oct 20, 2017 at 6:38 PM, Michał Górny wrote:
> W dniu pią, 20.10.2017 o godzinie 00∶20 +0200, użytkownik Francesco
> Riosa
W dniu pią, 20.10.2017 o godzinie 18∶42 -0400, użytkownik Anton Molyboha
napisał:
> On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey wrote:
>
> > On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote:
> >
> > > On Thu, 19 Oct 2017 21:08:40 +0200
> > > Michał
W dniu pią, 20.10.2017 o godzinie 00∶20 +0200, użytkownik Francesco
Riosa napisał:
> 2017-10-19 23:00 GMT+02:00 Michał Górny :
>
> > W dniu czw, 19.10.2017 o godzinie 21∶08 +0200, użytkownik Michał Górny
> > napisał:
> > >
> > > 4. The new hashes that are stronger and commonly
On Fri, Oct 20, 2017 at 5:42 PM, Anton Molyboha wrote:
> On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey
> wrote:
>
>> On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote:
>>
>>> On Thu, 19 Oct 2017 21:08:40 +0200
>>> Michał
On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey wrote:
> On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote:
>
>> On Thu, 19 Oct 2017 21:08:40 +0200
>> Michał Górny wrote:
>>
>> > manifest-hashes = SHA512 SHA3_512
>>
>>
Hello,
On Thu, Oct 19, 2017 at 2:08 PM, Michał Górny wrote:
> Hi, everyone.
>
> The previous discussion on Manifest2 hashes pretty much died away
> pending fixes to Portage. Since Portage was fixed a while ago, and we
> can now safely switch, I'd like to reboot the discussion
# Andreas K. Hüttel (20 Oct 2017)
# Doesn't build with glibc-2.25, doesn't build, needs a
# version bump, needs a maintainer. Bugs 604364, 599004,
# 627064. Removal in 30 days.
app-crypt/zuluCrypt
--
Andreas K. Hüttel
dilfri...@gentoo.org
Gentoo Linux developer (council,
On 10/20/2017 12:26 PM, Michał Górny wrote:
> ---
> .travis.yml | 2 ++
> pym/portage/checksum.py | 15 +--
> 2 files changed, 15 insertions(+), 2 deletions(-)
>
> diff --git a/.travis.yml b/.travis.yml
> index 20078530e..ebcfbeab9 100644
> --- a/.travis.yml
> +++
---
.travis.yml | 2 ++
pym/portage/checksum.py | 15 +--
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 20078530e..ebcfbeab9 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -12,6 +12,8 @@ install:
# python3.6+ has sha3
W dniu pią, 20.10.2017 o godzinie 17∶42 +0200, użytkownik Paweł Hajdan,
Jr. napisał:
> On 19/10/2017 21:08, Michał Górny wrote:
> > Considering all arguments made so far, I'd like to propose changing:
> > manifest-hashes = SHA256 SHA512 WHIRLPOOL
> > to:
> > manifest-hashes = SHA512 SHA3_512
>
On 19/10/2017 21:08, Michał Górny wrote:
> Considering all arguments made so far, I'd like to propose changing:
> manifest-hashes = SHA256 SHA512 WHIRLPOOL
> to:
> manifest-hashes = SHA512 SHA3_512
+1, fine for me
> 1. The main argument for using multiple hashes is to prevent the (very
>
On Fri, Oct 20, 2017 at 6:04 AM, Kristian Fiskerstrand wrote:
> On 10/20/2017 11:10 AM, Dirkjan Ochtman wrote:
>>
>> I support Hanno's suggestion of doing just SHA512, but would be
>> interested in hearing opinions from others who have apparent
>> security/crypto experience.
On 10/20/2017 03:05 PM, Michael Orlitzky wrote:
> Every WiFi network on the planet essentially became Starbucks overnight
> on Sunday->Monday, so in my opinion we shouldn't bet against immediate
> and catastrophic failure of anything, no matter how well-tested.
Post Hoc ergo Propter Hoc
--
On 10/19/2017 06:32 PM, Hanno Böck wrote:
>
> Counterproposal: Just use SHA512.
>
> There isn't any evidence that any SHA2-based hash algorithm is going to
> be broken any time soon. If that changes there will very likely be
> decades of warning before a break becomes practical.
>
Every WiFi
On 10/20/2017 11:10 AM, Dirkjan Ochtman wrote:
>
> I support Hanno's suggestion of doing just SHA512, but would be
> interested in hearing opinions from others who have apparent
> security/crypto experience. Maybe the Security project can weigh the
> suggestions as well?
>
The whole discussion
On Fri, 20 Oct 2017 11:23:06 +0200
Ulrich Mueller wrote:
> > On Fri, 20 Oct 2017, Dirkjan Ochtman wrote:
>
> > As Hanno was saying, we'll have decades of warning before a break
> > becomes practical, so I don't think this is a real concern.
>
> How can we be sure of
On Fri, Oct 20, 2017 at 11:23 AM, Ulrich Mueller wrote:
> > On Fri, 20 Oct 2017, Dirkjan Ochtman wrote:
>
> > As Hanno was saying, we'll have decades of warning before a break
> > becomes practical, so I don't think this is a real concern.
>
> How can we be sure of that? I
> On Fri, 20 Oct 2017, Dirkjan Ochtman wrote:
> As Hanno was saying, we'll have decades of warning before a break
> becomes practical, so I don't think this is a real concern.
How can we be sure of that? I guess the same reasoning was applied
when MD5 and SHA1 hashes were used.
> I think
On Fri, Oct 20, 2017 at 12:49 AM, Gordon Pettey
wrote:
> On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote:
>
>> On Thu, 19 Oct 2017 21:08:40 +0200
>> Michał Górny wrote:
>>
>> > manifest-hashes = SHA512 SHA3_512
>>
>>
22 matches
Mail list logo