[gentoo-dev] Re: Manifest2 hashes, take n+1-th

2017-10-20 Thread Duncan
Michał Górny posted on Sat, 21 Oct 2017 01:39:55 +0200 as excerpted: > W dniu pią, 20.10.2017 o godzinie 18∶42 -0400, użytkownik Anton Molyboha > napisał: >> Would it make sense then to support several hashes but let the user >> optionally turn off the verification of some of them, depending on

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread Jason A. Donenfeld
Blake2 is in coreutils already, provides an excellent security margin, and is considerably faster than both sha2 and sha3. On Oct 19, 2017 21:09, "Michał Górny" wrote: > Hi, everyone. > > The previous discussion on Manifest2 hashes pretty much died away > pending fixes to

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread R0b0t1
On Fri, Oct 20, 2017 at 8:04 AM, Kristian Fiskerstrand wrote: > On 10/20/2017 11:10 AM, Dirkjan Ochtman wrote: >> >> I support Hanno's suggestion of doing just SHA512, but would be >> interested in hearing opinions from others who have apparent >> security/crypto experience.

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread R0b0t1
Hello, I missed some messages in the time I wrote my reply. This also touches on some of the points in Mr. Górny's other message about time. On Fri, Oct 20, 2017 at 6:38 PM, Michał Górny wrote: > W dniu pią, 20.10.2017 o godzinie 00∶20 +0200, użytkownik Francesco > Riosa

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread Michał Górny
W dniu pią, 20.10.2017 o godzinie 18∶42 -0400, użytkownik Anton Molyboha napisał: > On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey wrote: > > > On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote: > > > > > On Thu, 19 Oct 2017 21:08:40 +0200 > > > Michał

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread Michał Górny
W dniu pią, 20.10.2017 o godzinie 00∶20 +0200, użytkownik Francesco Riosa napisał: > 2017-10-19 23:00 GMT+02:00 Michał Górny : > > > W dniu czw, 19.10.2017 o godzinie 21∶08 +0200, użytkownik Michał Górny > > napisał: > > > > > > 4. The new hashes that are stronger and commonly

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread Gordon Pettey
On Fri, Oct 20, 2017 at 5:42 PM, Anton Molyboha wrote: > On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey > wrote: > >> On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote: >> >>> On Thu, 19 Oct 2017 21:08:40 +0200 >>> Michał

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread Anton Molyboha
On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey wrote: > On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote: > >> On Thu, 19 Oct 2017 21:08:40 +0200 >> Michał Górny wrote: >> >> > manifest-hashes = SHA512 SHA3_512 >> >>

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread R0b0t1
Hello, On Thu, Oct 19, 2017 at 2:08 PM, Michał Górny wrote: > Hi, everyone. > > The previous discussion on Manifest2 hashes pretty much died away > pending fixes to Portage. Since Portage was fixed a while ago, and we > can now safely switch, I'd like to reboot the discussion

[gentoo-dev] last rites: app-crypt/zuluCrypt

2017-10-20 Thread Andreas K. Huettel
# Andreas K. Hüttel (20 Oct 2017) # Doesn't build with glibc-2.25, doesn't build, needs a # version bump, needs a maintainer. Bugs 604364, 599004, # 627064. Removal in 30 days. app-crypt/zuluCrypt -- Andreas K. Hüttel dilfri...@gentoo.org Gentoo Linux developer (council,

Re: [gentoo-portage-dev] [PATCH] portage.checksum: Support pyblake2 fallback for BLAKE2 hashes

2017-10-20 Thread Zac Medico
On 10/20/2017 12:26 PM, Michał Górny wrote: > --- > .travis.yml | 2 ++ > pym/portage/checksum.py | 15 +-- > 2 files changed, 15 insertions(+), 2 deletions(-) > > diff --git a/.travis.yml b/.travis.yml > index 20078530e..ebcfbeab9 100644 > --- a/.travis.yml > +++

[gentoo-portage-dev] [PATCH] portage.checksum: Support pyblake2 fallback for BLAKE2 hashes

2017-10-20 Thread Michał Górny
--- .travis.yml | 2 ++ pym/portage/checksum.py | 15 +-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 20078530e..ebcfbeab9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,6 +12,8 @@ install: # python3.6+ has sha3

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread Michał Górny
W dniu pią, 20.10.2017 o godzinie 17∶42 +0200, użytkownik Paweł Hajdan, Jr. napisał: > On 19/10/2017 21:08, Michał Górny wrote: > > Considering all arguments made so far, I'd like to propose changing: > > manifest-hashes = SHA256 SHA512 WHIRLPOOL > > to: > > manifest-hashes = SHA512 SHA3_512 >

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread Paweł Hajdan , Jr .
On 19/10/2017 21:08, Michał Górny wrote: > Considering all arguments made so far, I'd like to propose changing: > manifest-hashes = SHA256 SHA512 WHIRLPOOL > to: > manifest-hashes = SHA512 SHA3_512 +1, fine for me > 1. The main argument for using multiple hashes is to prevent the (very >

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread Rich Freeman
On Fri, Oct 20, 2017 at 6:04 AM, Kristian Fiskerstrand wrote: > On 10/20/2017 11:10 AM, Dirkjan Ochtman wrote: >> >> I support Hanno's suggestion of doing just SHA512, but would be >> interested in hearing opinions from others who have apparent >> security/crypto experience.

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread Kristian Fiskerstrand
On 10/20/2017 03:05 PM, Michael Orlitzky wrote: > Every WiFi network on the planet essentially became Starbucks overnight > on Sunday->Monday, so in my opinion we shouldn't bet against immediate > and catastrophic failure of anything, no matter how well-tested. Post Hoc ergo Propter Hoc --

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread Michael Orlitzky
On 10/19/2017 06:32 PM, Hanno Böck wrote: > > Counterproposal: Just use SHA512. > > There isn't any evidence that any SHA2-based hash algorithm is going to > be broken any time soon. If that changes there will very likely be > decades of warning before a break becomes practical. > Every WiFi

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread Kristian Fiskerstrand
On 10/20/2017 11:10 AM, Dirkjan Ochtman wrote: > > I support Hanno's suggestion of doing just SHA512, but would be > interested in hearing opinions from others who have apparent > security/crypto experience. Maybe the Security project can weigh the > suggestions as well? > The whole discussion

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread Hanno Böck
On Fri, 20 Oct 2017 11:23:06 +0200 Ulrich Mueller wrote: > > On Fri, 20 Oct 2017, Dirkjan Ochtman wrote: > > > As Hanno was saying, we'll have decades of warning before a break > > becomes practical, so I don't think this is a real concern. > > How can we be sure of

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread Dirkjan Ochtman
On Fri, Oct 20, 2017 at 11:23 AM, Ulrich Mueller wrote: > > On Fri, 20 Oct 2017, Dirkjan Ochtman wrote: > > > As Hanno was saying, we'll have decades of warning before a break > > becomes practical, so I don't think this is a real concern. > > How can we be sure of that? I

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread Ulrich Mueller
> On Fri, 20 Oct 2017, Dirkjan Ochtman wrote: > As Hanno was saying, we'll have decades of warning before a break > becomes practical, so I don't think this is a real concern. How can we be sure of that? I guess the same reasoning was applied when MD5 and SHA1 hashes were used. > I think

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-20 Thread Dirkjan Ochtman
On Fri, Oct 20, 2017 at 12:49 AM, Gordon Pettey wrote: > On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote: > >> On Thu, 19 Oct 2017 21:08:40 +0200 >> Michał Górny wrote: >> >> > manifest-hashes = SHA512 SHA3_512 >> >>