On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey wrote:
> On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote:
>
>> On Thu, 19 Oct 2017 21:08:40 +0200
>> Michał Górny wrote:
>>
>> > manifest-hashes = SHA512 SHA3_512
>>
>> Counterproposal: Just use SHA512.
>>
>> There isn't any evidence that any SHA2-based hash algorithm is going to
>> be broken any time soon. If that changes there will very likely be
>> decades of warning before a break becomes practical.
>>
>> Having just one hash is simpler and using a well supported one like
>> SHA512 may make things easier than using something that's still not
>> very widely supported.
>
>
> Yet having more than one lets you make sure nobody hijacked your
> manifest file when an attack vector is inevitably discovered for the old
> new algorithm (whether SHA2, SHA3, or BLAKE2), because you'll be able to
> confirm the file is the same one that matched the old checksum in addition
> to the new one.
>
Would it make sense then to support several hashes but let the user
optionally turn off the verification of some of them, depending on the
user's security vs performance requirements?
--
Anton
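As an added illustration of the trade-off Anton asks about (this is example code, not code from the thread or from Portage): a small Python verifier for a Manifest2-style DIST line carrying several digests, where the caller's policy chooses which digests are checked and which are mandatory. The line layout ("DIST file size HASH hex HASH hex") and the hash names SHA512 and SHA3_512 follow the thread; the sample file content, the filename, the helper `make_manifest_line` and the `enabled_hashes`/`required_hashes` parameters are constructed assumptions for this example.

```python
import hashlib
import hmac

# Manifest hash names mapped to hashlib constructors.
HASH_FUNCS = {
    "SHA512": hashlib.sha512,
    "SHA3_512": hashlib.sha3_512,
    "BLAKE2B": hashlib.blake2b,
}

# Constructed sample distfile content (not a real Gentoo distfile).
SAMPLE_CONTENT = b"example distfile contents\n"


def make_manifest_line(filename, data, hash_names):
    """Build a DIST line the way a maintainer-side tool would, for the sample.

    Assumed layout: 'DIST <file> <size> <HASH> <hex> [<HASH> <hex> ...]'.
    """
    parts = ["DIST", filename, str(len(data))]
    for name in hash_names:
        parts += [name, HASH_FUNCS[name](data).hexdigest()]
    return " ".join(parts)


# Constructed manifest line carrying two digests, as in the proposal.
SAMPLE_MANIFEST_LINE = make_manifest_line(
    "example-1.0.tar.gz", SAMPLE_CONTENT, ["SHA512", "SHA3_512"])


def parse_manifest_line(line):
    """Parse a DIST line into type, filename, size and a {HASH: hex} dict."""
    fields = line.split()
    if len(fields) < 5 or (len(fields) - 3) % 2:
        raise ValueError("malformed Manifest line: %r" % line)
    digests = dict(zip(fields[3::2], fields[4::2]))
    return {"type": fields[0], "file": fields[1],
            "size": int(fields[2]), "digests": digests}


def verify_entry(entry, data, enabled_hashes, required_hashes=()):
    """Verify data against a parsed entry under a user-chosen policy.

    enabled_hashes:  digests the user wants computed (others are skipped).
    required_hashes: digests that must be enabled and must pass, so a user
                     cannot silently disable the baseline algorithm.
    Returns (ok, per-hash results) where a result of None means 'skipped'
    (disabled by policy or not supported by this hashlib).
    """
    if len(data) != entry["size"]:
        return False, {"size": False}
    results = {}
    for name, expected in entry["digests"].items():
        func = HASH_FUNCS.get(name)
        if name not in enabled_hashes or func is None:
            results[name] = None
            continue
        # Constant-time comparison of hex digests.
        results[name] = hmac.compare_digest(func(data).hexdigest(), expected)
    checked = [r for r in results.values() if r is not None]
    # Every enabled digest must match, at least one must have been checked,
    # and every required digest must have been checked and matched.
    ok = (bool(checked) and all(checked)
          and all(results.get(r) for r in required_hashes))
    return ok, results


if __name__ == "__main__":
    entry = parse_manifest_line(SAMPLE_MANIFEST_LINE)
    print(verify_entry(entry, SAMPLE_CONTENT, {"SHA512", "SHA3_512"}))
    print(verify_entry(entry, SAMPLE_CONTENT, {"SHA512"}))           # SHA3_512 skipped
    print(verify_entry(entry, SAMPLE_CONTENT + b"x", {"SHA512"}))    # tampered
```

With both digests enabled, a file must match both, which is Gordon's point: a future break of one algorithm does not let a substituted file pass while the other digest still matches. Dropping SHA3_512 from `enabled_hashes` buys the performance Hanno is after, and `required_hashes` keeps a user from turning off the baseline digest the tree relies on.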