W dniu nie, 12.11.2017 o godzinie 21∶22 -0500, użytkownik Joshua Kinard
napisał:
> On 10/24/2017 00:11, Michał Górny wrote:
> > W dniu wto, 24.10.2017 o godzinie 06∶04 +0200, użytkownik Michał Górny
> > napisał:
>
> [snip]
>
> > > > [BOBO06] is relevant research here, I cited it in the work that
On 11/12/2017 22:48, Gordon Pettey wrote:
> On Sun, Nov 12, 2017 at 8:22 PM, Joshua Kinard wrote:
>
>> Minor clarification, old single core //and// uni-processor. Some older
>> machines have multiple physical CPUs that are single-core. Threading
>> should be
>> okay on these, as long as the thr
On Sun, Nov 12, 2017 at 8:22 PM, Joshua Kinard wrote:
> Minor clarification, old single core //and// uni-processor. Some older
> machines have multiple physical CPUs that are single-core. Threading
> should be
> okay on these, as long as the thread count stays under NR_CPUS.
>
> I also have a r
On 10/24/2017 00:11, Michał Górny wrote:
> W dniu wto, 24.10.2017 o godzinie 06∶04 +0200, użytkownik Michał Górny
> napisał:
[snip]
>>> [BOBO06] is relevant research here, I cited it in the work that went into
>>> GLEP59, the last time we updated the hashes. The less-technical explanation
>>> of
Hello,
On Wednesday, November 8, 2017, Jonas Stein wrote:
> Hi "R0b0t1",
>
For the record, I'd claim I am.
>
> The question
>> On what basis?
> is ok, but
>
>> I performed a search on your name, and found at least
>> one person who was belligerently calling you a liar [..]
>
> does not fit h
My apologies, I forgot to address something:
On Sat, Oct 21, 2017 at 12:50 PM, Hanno Böck wrote:
> On Sat, 21 Oct 2017 12:12:44 -0500
> R0b0t1 wrote:
>
>> That is precisely why I didn't suggest it be used on its own (see note
>> about extant use of MD5), and why I gave alternatives. If it is
>>
W dniu pon, 06.11.2017 o godzinie 19∶13 +, użytkownik Robin H.
Johnson napisał:
> +1 overall, just one timeline clarification.
>
> On Mon, Nov 06, 2017 at 05:58:21PM +0100, Michał Górny wrote:
> > T + 7 days
> > --
> > Set:
> > manifest-hashes = BLAKE2B SHA512
> > manifest-required
On Mon, Nov 6, 2017 at 2:13 PM, Robin H. Johnson wrote:
> +1 overall, just one timeline clarification.
>
> On Mon, Nov 06, 2017 at 05:58:21PM +0100, Michał Górny wrote:
>> T + 7 days
>> --
>> Set:
>> manifest-hashes = BLAKE2B SHA512
>> manifest-required-hashes = SHA512
>>
>> New Manife
+1 overall, just one timeline clarification.
On Mon, Nov 06, 2017 at 05:58:21PM +0100, Michał Górny wrote:
> T + 7 days
> --
> Set:
> manifest-hashes = BLAKE2B SHA512
> manifest-required-hashes = SHA512
>
> New Manifest entries will use the new hashes but Portage will keep the
> old h
Hi,
So here's my proposed plan, after considering all the replies.
Immediately after accepting
---
a. Revbump Portage to add pyblake2 dep (to ensure BLAKE2 is supported
on py<3.6) and request stabilizing this version.
b. Create a git update hook that rejects Manifest en
On Tue, Oct 24, 2017 at 9:40 PM, Robin H. Johnson wrote:
> On Tue, Oct 24, 2017 at 11:33:39PM +0200, Allan Wegan wrote:
>> >> That is currently the case with portage, but not an inevitable
>> >> consequence of having 3 hash functions in the Manifest. Portage could
>> >> be made to check only one o
On 25/10/2017 14:32, Hanno Böck wrote:
> Good security includes reducing complexity. Tough (as evident by this
> thread) it's a thought many people find hard to accept.
>
> This thread is going into a completely different direction and I find
> that worriesome. We have two non-problems ("what if se
Hi,
On Wed, 25 Oct 2017 02:40:58 +
"Robin H. Johnson" wrote:
> At that point, and this is a serious proposal:
> The package manager shall decide which hashes to check, but is
> required to check at least one hash. The choice may be 'fastest',
> 'most secure', or any local factor.
Sorry to c
On Tue, Oct 24, 2017 at 11:33:39PM +0200, Allan Wegan wrote:
> >> That is currently the case with portage, but not an inevitable
> >> consequence of having 3 hash functions in the Manifest. Portage could
> >> be made to check only one or two of them (even by default), giving
> >> the tie-breaking a
>> That is currently the case with portage, but not an inevitable
>> consequence of having 3 hash functions in the Manifest. Portage could
>> be made to check only one or two of them (even by default), giving
>> the tie-breaking ability to those who need it, and speeding up things
>> for those who
W dniu wto, 24.10.2017 o godzinie 13∶56 +0200, użytkownik Chí-Thanh
Christopher Nguyễn napisał:
> Michał Górny schrieb:
> > Oh, and most notably, the speed loss will be mostly visible to users.
> > An attacker would have to compute the additional hashes only
> > if the fastest hash already matched,
On Tue, Oct 24, 2017 at 4:21 AM, Paweł Hajdan, Jr.
wrote:
> On 24/10/2017 06:11, Michał Górny wrote:
>> W dniu wto, 24.10.2017 o godzinie 06∶04 +0200, użytkownik Michał Górny
>> napisał:
>>> Three hashes don't give any noticeable advantage. If we want a diverse
>>> construct, we take SHA3. SHA3 is
Michał Górny schrieb:
> Oh, and most notably, the speed loss will be mostly visible to users.
> An attacker would have to compute the additional hashes only
> if the fastest hash already matched, i.e. rarely. Users will have to
> compute them all the time.
That is currently the case with portage,
On 24/10/2017 06:11, Michał Górny wrote:
> W dniu wto, 24.10.2017 o godzinie 06∶04 +0200, użytkownik Michał Górny
> napisał:
>> Three hashes don't give any noticeable advantage. If we want a diverse
>> construct, we take SHA3. SHA3 is slower than SHA2 + BLAKE2 combined, so
>> even with 3 threaded c
W dniu wto, 24.10.2017 o godzinie 06∶04 +0200, użytkownik Michał Górny
napisał:
> W dniu pon, 23.10.2017 o godzinie 21∶00 +, użytkownik Robin H.
> Johnson napisał:
> > On Mon, Oct 23, 2017 at 01:33:15PM +0200, Michał Górny wrote:
> > > Dnia 23 października 2017 10:16:38 CEST, "Robin H. Johnson"
W dniu pon, 23.10.2017 o godzinie 21∶00 +, użytkownik Robin H.
Johnson napisał:
> On Mon, Oct 23, 2017 at 01:33:15PM +0200, Michał Górny wrote:
> > Dnia 23 października 2017 10:16:38 CEST, "Robin H. Johnson"
> > napisał(a):
> > > On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote:
> > > >
On Mon, Oct 23, 2017 at 01:33:15PM +0200, Michał Górny wrote:
> Dnia 23 października 2017 10:16:38 CEST, "Robin H. Johnson"
> napisał(a):
> >On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote:
> >> In general I do not mind updating the algorithms used, but I do feel
> >> it is important to ke
Dnia 23 października 2017 10:16:38 CEST, "Robin H. Johnson"
napisał(a):
>On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote:
>> In general I do not mind updating the algorithms used, but I do feel
>> it is important to keep at least three present. Without at least
>three
>> (or a larger odd n
On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote:
> In general I do not mind updating the algorithms used, but I do feel
> it is important to keep at least three present. Without at least three
> (or a larger odd number) it is not possible to break a tie.
>
> That may ultimately be beside th
On Sat, 21 Oct 2017 12:12:44 -0500
R0b0t1 wrote:
> That is precisely why I didn't suggest it be used on its own (see note
> about extant use of MD5), and why I gave alternatives. If it is
> desired that the hashes be computed quickly then weaker hashes will
> need to be used. One usually can't ha
On Sat, Oct 21, 2017 at 12:12 PM, R0b0t1 wrote:
> On Sat, Oct 21, 2017 at 11:26 AM, Robin H. Johnson wrote:
>> On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote:
>>> I would like to present my suggestions:
>>>
>>> SHA512, (RIPEMD160 | WHIRLPOOL | BLAKE2B), (SHA3_512 | BLAKE2B);
>>>
>>> or mo
On Sat, Oct 21, 2017 at 11:26 AM, Robin H. Johnson wrote:
> On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote:
>> I would like to present my suggestions:
>>
>> SHA512, (RIPEMD160 | WHIRLPOOL | BLAKE2B), (SHA3_512 | BLAKE2B);
>>
>> or more definitively:
>>
>> SHA512, RIPEMD160, BLAKE2B.
> Plea
On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote:
> I would like to present my suggestions:
>
> SHA512, (RIPEMD160 | WHIRLPOOL | BLAKE2B), (SHA3_512 | BLAKE2B);
>
> or more definitively:
>
> SHA512, RIPEMD160, BLAKE2B.
Please do NOT reintroduce RIPEMD160. It was one of the older Portage
ha
W dniu sob, 21.10.2017 o godzinie 10∶01 +0200, użytkownik Paweł Hajdan,
Jr. napisał:
> On 20/10/2017 18:15, Michał Górny wrote:
> > W dniu pią, 20.10.2017 o godzinie 17∶42 +0200, użytkownik Paweł Hajdan,
> > Jr. napisał:
> > > Curious, do we have any measurements/estimates of the performance cost?
On 20/10/2017 18:15, Michał Górny wrote:
> W dniu pią, 20.10.2017 o godzinie 17∶42 +0200, użytkownik Paweł Hajdan,
> Jr. napisał:
>> Curious, do we have any measurements/estimates of the performance cost?
>
> With a single thread serial processing of all hashes, it's just sum of
> times involved i
W dniu sob, 21.10.2017 o godzinie 04∶08 +0200, użytkownik Chí-Thanh
Christopher Nguyễn napisał:
> Michał Górny schrieb:
> > to:
> >
> > manifest-hashes = SHA512 SHA3_512
>
> +1
>
> Just wondering about the performance argument on weak systems:
> Does Portage absolutely have to check all of the
W dniu sob, 21.10.2017 o godzinie 04∶01 +0200, użytkownik Jason A.
Donenfeld napisał:
> Blake2 is in coreutils already, provides an excellent security margin, and
> is considerably faster than both sha2 and sha3.
>
Yes, we've already switched the proposal to BLAKE2B. Although it is only
faster if
Michał Górny schrieb:
> to:
>
> manifest-hashes = SHA512 SHA3_512
+1
Just wondering about the performance argument on weak systems:
Does Portage absolutely have to check all of the hashes or can it be
configured by the user to check only a subset of them?
Best regards,
Chí-Thanh Christopher
Blake2 is in coreutils already, provides an excellent security margin, and
is considerably faster than both sha2 and sha3.
On Oct 19, 2017 21:09, "Michał Górny" wrote:
> Hi, everyone.
>
> The previous discussion on Manifest2 hashes pretty much died away
> pending fixes to Portage. Since Portage
On Fri, Oct 20, 2017 at 8:04 AM, Kristian Fiskerstrand wrote:
> On 10/20/2017 11:10 AM, Dirkjan Ochtman wrote:
>>
>> I support Hanno's suggestion of doing just SHA512, but would be
>> interested in hearing opinions from others who have apparent
>> security/crypto experience. Maybe the Security pro
Hello,
I missed some messages in the time I wrote my reply. This also touches
on some of the points in Mr. Górny's other message about time.
On Fri, Oct 20, 2017 at 6:38 PM, Michał Górny wrote:
> W dniu pią, 20.10.2017 o godzinie 00∶20 +0200, użytkownik Francesco
> Riosa napisał:
>> 2017-10-19 2
W dniu pią, 20.10.2017 o godzinie 18∶42 -0400, użytkownik Anton Molyboha
napisał:
> On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey wrote:
>
> > On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote:
> >
> > > On Thu, 19 Oct 2017 21:08:40 +0200
> > > Michał Górny wrote:
> > >
> > > > manifest-ha
W dniu pią, 20.10.2017 o godzinie 00∶20 +0200, użytkownik Francesco
Riosa napisał:
> 2017-10-19 23:00 GMT+02:00 Michał Górny :
>
> > W dniu czw, 19.10.2017 o godzinie 21∶08 +0200, użytkownik Michał Górny
> > napisał:
> > >
> > > 4. The new hashes that are stronger and commonly available are
> > >
On Fri, Oct 20, 2017 at 5:42 PM, Anton Molyboha wrote:
> On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey
> wrote:
>
>> On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote:
>>
>>> On Thu, 19 Oct 2017 21:08:40 +0200
>>> Michał Górny wrote:
>>>
>>> > manifest-hashes = SHA512 SHA3_512
>>>
>>> Count
On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey wrote:
> On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote:
>
>> On Thu, 19 Oct 2017 21:08:40 +0200
>> Michał Górny wrote:
>>
>> > manifest-hashes = SHA512 SHA3_512
>>
>> Counterproposal: Just use SHA512.
>>
>> There isn't any evidence that any S
Hello,
On Thu, Oct 19, 2017 at 2:08 PM, Michał Górny wrote:
> Hi, everyone.
>
> The previous discussion on Manifest2 hashes pretty much died away
> pending fixes to Portage. Since Portage was fixed a while ago, and we
> can now safely switch, I'd like to reboot the discussion before
> submitting
W dniu pią, 20.10.2017 o godzinie 17∶42 +0200, użytkownik Paweł Hajdan,
Jr. napisał:
> On 19/10/2017 21:08, Michał Górny wrote:
> > Considering all arguments made so far, I'd like to propose changing:
> > manifest-hashes = SHA256 SHA512 WHIRLPOOL
> > to:
> > manifest-hashes = SHA512 SHA3_512
>
On 19/10/2017 21:08, Michał Górny wrote:
> Considering all arguments made so far, I'd like to propose changing:
> manifest-hashes = SHA256 SHA512 WHIRLPOOL
> to:
> manifest-hashes = SHA512 SHA3_512
+1, fine for me
> 1. The main argument for using multiple hashes is to prevent the (very
> unli
On Fri, Oct 20, 2017 at 6:04 AM, Kristian Fiskerstrand wrote:
> On 10/20/2017 11:10 AM, Dirkjan Ochtman wrote:
>>
>> I support Hanno's suggestion of doing just SHA512, but would be
>> interested in hearing opinions from others who have apparent
>> security/crypto experience. Maybe the Security pro
On 10/20/2017 03:05 PM, Michael Orlitzky wrote:
> Every WiFi network on the planet essentially became Starbucks overnight
> on Sunday->Monday, so in my opinion we shouldn't bet against immediate
> and catastrophic failure of anything, no matter how well-tested.
Post Hoc ergo Propter Hoc
--
Krist
On 10/19/2017 06:32 PM, Hanno Böck wrote:
>
> Counterproposal: Just use SHA512.
>
> There isn't any evidence that any SHA2-based hash algorithm is going to
> be broken any time soon. If that changes there will very likely be
> decades of warning before a break becomes practical.
>
Every WiFi ne
On 10/20/2017 11:10 AM, Dirkjan Ochtman wrote:
>
> I support Hanno's suggestion of doing just SHA512, but would be
> interested in hearing opinions from others who have apparent
> security/crypto experience. Maybe the Security project can weigh the
> suggestions as well?
>
The whole discussion i
On Fri, 20 Oct 2017 11:23:06 +0200
Ulrich Mueller wrote:
> > On Fri, 20 Oct 2017, Dirkjan Ochtman wrote:
>
> > As Hanno was saying, we'll have decades of warning before a break
> > becomes practical, so I don't think this is a real concern.
>
> How can we be sure of that? I guess the sa
On Fri, Oct 20, 2017 at 11:23 AM, Ulrich Mueller wrote:
> > On Fri, 20 Oct 2017, Dirkjan Ochtman wrote:
>
> > As Hanno was saying, we'll have decades of warning before a break
> > becomes practical, so I don't think this is a real concern.
>
> How can we be sure of that? I guess the same reas
> On Fri, 20 Oct 2017, Dirkjan Ochtman wrote:
> As Hanno was saying, we'll have decades of warning before a break
> becomes practical, so I don't think this is a real concern.
How can we be sure of that? I guess the same reasoning was applied
when MD5 and SHA1 hashes were used.
> I think the
On Fri, Oct 20, 2017 at 12:49 AM, Gordon Pettey
wrote:
> On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote:
>
>> On Thu, 19 Oct 2017 21:08:40 +0200
>> Michał Górny wrote:
>>
>> > manifest-hashes = SHA512 SHA3_512
>>
>> Counterproposal: Just use SHA512.
>>
>> There isn't any evidence that any
On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote:
> On Thu, 19 Oct 2017 21:08:40 +0200
> Michał Górny wrote:
>
> > manifest-hashes = SHA512 SHA3_512
>
> Counterproposal: Just use SHA512.
>
> There isn't any evidence that any SHA2-based hash algorithm is going to
> be broken any time soon. If
On Thu, 19 Oct 2017 21:08:40 +0200
Michał Górny wrote:
> manifest-hashes = SHA512 SHA3_512
Counterproposal: Just use SHA512.
There isn't any evidence that any SHA2-based hash algorithm is going to
be broken any time soon. If that changes there will very likely be
decades of warning before a b
2017-10-19 23:00 GMT+02:00 Michał Górny :
> W dniu czw, 19.10.2017 o godzinie 21∶08 +0200, użytkownik Michał Górny
> napisał:
> >
> > 4. The new hashes that are stronger and commonly available are
> > SHA3/Keccak (using sponges) and BLAKE2 (HAIFA). Both are diverse from
> > our current algorithms,
W dniu czw, 19.10.2017 o godzinie 21∶08 +0200, użytkownik Michał Górny
napisał:
>
> 4. The new hashes that are stronger and commonly available are
> SHA3/Keccak (using sponges) and BLAKE2 (HAIFA). Both are diverse from
> our current algorithms, so either is a good candidate. The choice of
> Keccak
Hi, everyone.
The previous discussion on Manifest2 hashes pretty much died away
pending fixes to Portage. Since Portage was fixed a while ago, and we
can now safely switch, I'd like to reboot the discussion before
submitting the item for the next Council meeting.
Considering all arguments made so
56 matches
Mail list logo