Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

W dniu nie, 12.11.2017 o godzinie 21∶22 -0500, użytkownik Joshua Kinard napisał: > On 10/24/2017 00:11, Michał Górny wrote: > > W dniu wto, 24.10.2017 o godzinie 06∶04 +0200, użytkownik Michał Górny > > napisał: > > [snip] > > > > > [BOBO06] is relevant research here, I cited it in the work that

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

On 11/12/2017 22:48, Gordon Pettey wrote: > On Sun, Nov 12, 2017 at 8:22 PM, Joshua Kinard wrote: > >> Minor clarification, old single core //and// uni-processor. Some older >> machines have multiple physical CPUs that are single-core. Threading >> should be >> okay on these,

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

On Sun, Nov 12, 2017 at 8:22 PM, Joshua Kinard wrote: > Minor clarification, old single core //and// uni-processor. Some older > machines have multiple physical CPUs that are single-core. Threading > should be > okay on these, as long as the thread count stays under NR_CPUS.

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

On 10/24/2017 00:11, Michał Górny wrote: > W dniu wto, 24.10.2017 o godzinie 06∶04 +0200, użytkownik Michał Górny > napisał: [snip] >>> [BOBO06] is relevant research here, I cited it in the work that went into >>> GLEP59, the last time we updated the hashes. The less-technical explanation >>>

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

Hello, On Wednesday, November 8, 2017, Jonas Stein wrote: > Hi "R0b0t1", > For the record, I'd claim I am. > > The question >> On what basis? > is ok, but > >> I performed a search on your name, and found at least >> one person who was belligerently calling you a liar

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

My apologies, I forgot to address something: On Sat, Oct 21, 2017 at 12:50 PM, Hanno Böck wrote: > On Sat, 21 Oct 2017 12:12:44 -0500 > R0b0t1 wrote: > >> That is precisely why I didn't suggest it be used on its own (see note >> about extant use of MD5), and

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

W dniu pon, 06.11.2017 o godzinie 19∶13 +, użytkownik Robin H. Johnson napisał: > +1 overall, just one timeline clarification. > > On Mon, Nov 06, 2017 at 05:58:21PM +0100, Michał Górny wrote: > > T + 7 days > > -- > > Set: > > manifest-hashes = BLAKE2B SHA512 > >

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On Mon, Nov 6, 2017 at 2:13 PM, Robin H. Johnson wrote: > +1 overall, just one timeline clarification. > > On Mon, Nov 06, 2017 at 05:58:21PM +0100, Michał Górny wrote: >> T + 7 days >> -- >> Set: >> manifest-hashes = BLAKE2B SHA512 >> manifest-required-hashes =

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

+1 overall, just one timeline clarification. On Mon, Nov 06, 2017 at 05:58:21PM +0100, Michał Górny wrote: > T + 7 days > -- > Set: > manifest-hashes = BLAKE2B SHA512 > manifest-required-hashes = SHA512 > > New Manifest entries will use the new hashes but Portage will keep the > old

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

Hi, So here's my proposed plan, after considering all the replies. Immediately after accepting --- a. Revbump Portage to add pyblake2 dep (to ensure BLAKE2 is supported on py<3.6) and request stabilizing this version. b. Create a git update hook that rejects Manifest

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: one hash to decide them all

On Tue, Oct 24, 2017 at 9:40 PM, Robin H. Johnson wrote: > On Tue, Oct 24, 2017 at 11:33:39PM +0200, Allan Wegan wrote: >> >> That is currently the case with portage, but not an inevitable >> >> consequence of having 3 hash functions in the Manifest. Portage could >> >> be

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: one hash to decide them all

On 25/10/2017 14:32, Hanno Böck wrote: > Good security includes reducing complexity. Tough (as evident by this > thread) it's a thought many people find hard to accept. > > This thread is going into a completely different direction and I find > that worriesome. We have two non-problems ("what if

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: one hash to decide them all

Hi, On Wed, 25 Oct 2017 02:40:58 + "Robin H. Johnson" wrote: > At that point, and this is a serious proposal: > The package manager shall decide which hashes to check, but is > required to check at least one hash. The choice may be 'fastest', > 'most secure', or any

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: one hash to decide them all

On Tue, Oct 24, 2017 at 11:33:39PM +0200, Allan Wegan wrote: > >> That is currently the case with portage, but not an inevitable > >> consequence of having 3 hash functions in the Manifest. Portage could > >> be made to check only one or two of them (even by default), giving > >> the tie-breaking

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

>> That is currently the case with portage, but not an inevitable >> consequence of having 3 hash functions in the Manifest. Portage could >> be made to check only one or two of them (even by default), giving >> the tie-breaking ability to those who need it, and speeding up things >> for those who

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

W dniu wto, 24.10.2017 o godzinie 13∶56 +0200, użytkownik Chí-Thanh Christopher Nguyễn napisał: > Michał Górny schrieb: > > Oh, and most notably, the speed loss will be mostly visible to users. > > An attacker would have to compute the additional hashes only > > if the fastest hash already

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

On Tue, Oct 24, 2017 at 4:21 AM, Paweł Hajdan, Jr. wrote: > On 24/10/2017 06:11, Michał Górny wrote: >> W dniu wto, 24.10.2017 o godzinie 06∶04 +0200, użytkownik Michał Górny >> napisał: >>> Three hashes don't give any noticeable advantage. If we want a diverse >>>

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

Michał Górny schrieb: > Oh, and most notably, the speed loss will be mostly visible to users. > An attacker would have to compute the additional hashes only > if the fastest hash already matched, i.e. rarely. Users will have to > compute them all the time. That is currently the case with portage,

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

On 24/10/2017 06:11, Michał Górny wrote: > W dniu wto, 24.10.2017 o godzinie 06∶04 +0200, użytkownik Michał Górny > napisał: >> Three hashes don't give any noticeable advantage. If we want a diverse >> construct, we take SHA3. SHA3 is slower than SHA2 + BLAKE2 combined, so >> even with 3 threaded

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

W dniu wto, 24.10.2017 o godzinie 06∶04 +0200, użytkownik Michał Górny napisał: > W dniu pon, 23.10.2017 o godzinie 21∶00 +, użytkownik Robin H. > Johnson napisał: > > On Mon, Oct 23, 2017 at 01:33:15PM +0200, Michał Górny wrote: > > > Dnia 23 października 2017 10:16:38 CEST, "Robin H.

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

W dniu pon, 23.10.2017 o godzinie 21∶00 +, użytkownik Robin H. Johnson napisał: > On Mon, Oct 23, 2017 at 01:33:15PM +0200, Michał Górny wrote: > > Dnia 23 października 2017 10:16:38 CEST, "Robin H. Johnson" > > napisał(a): > > > On Fri, Oct 20, 2017 at 05:21:47PM -0500,

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

On Mon, Oct 23, 2017 at 01:33:15PM +0200, Michał Górny wrote: > Dnia 23 października 2017 10:16:38 CEST, "Robin H. Johnson" > napisał(a): > >On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote: > >> In general I do not mind updating the algorithms used, but I do feel > >>

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

Dnia 23 października 2017 10:16:38 CEST, "Robin H. Johnson" napisał(a): >On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote: >> In general I do not mind updating the algorithms used, but I do feel >> it is important to keep at least three present. Without at least >three

Re: [gentoo-dev] Manifest2 hashes, take n+1-th: 3 hashes for the tie-breaker case

On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote: > In general I do not mind updating the algorithms used, but I do feel > it is important to keep at least three present. Without at least three > (or a larger odd number) it is not possible to break a tie. > > That may ultimately be beside

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On Sat, 21 Oct 2017 12:12:44 -0500 R0b0t1 wrote: > That is precisely why I didn't suggest it be used on its own (see note > about extant use of MD5), and why I gave alternatives. If it is > desired that the hashes be computed quickly then weaker hashes will > need to be used.

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On Sat, Oct 21, 2017 at 12:12 PM, R0b0t1 wrote: > On Sat, Oct 21, 2017 at 11:26 AM, Robin H. Johnson wrote: >> On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote: >>> I would like to present my suggestions: >>> >>> SHA512, (RIPEMD160 | WHIRLPOOL |

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On Sat, Oct 21, 2017 at 11:26 AM, Robin H. Johnson wrote: > On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote: >> I would like to present my suggestions: >> >> SHA512, (RIPEMD160 | WHIRLPOOL | BLAKE2B), (SHA3_512 | BLAKE2B); >> >> or more definitively: >> >> SHA512,

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On Fri, Oct 20, 2017 at 05:21:47PM -0500, R0b0t1 wrote: > I would like to present my suggestions: > > SHA512, (RIPEMD160 | WHIRLPOOL | BLAKE2B), (SHA3_512 | BLAKE2B); > > or more definitively: > > SHA512, RIPEMD160, BLAKE2B. Please do NOT reintroduce RIPEMD160. It was one of the older Portage

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

W dniu sob, 21.10.2017 o godzinie 10∶01 +0200, użytkownik Paweł Hajdan, Jr. napisał: > On 20/10/2017 18:15, Michał Górny wrote: > > W dniu pią, 20.10.2017 o godzinie 17∶42 +0200, użytkownik Paweł Hajdan, > > Jr. napisał: > > > Curious, do we have any measurements/estimates of the performance cost?

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On 20/10/2017 18:15, Michał Górny wrote: > W dniu pią, 20.10.2017 o godzinie 17∶42 +0200, użytkownik Paweł Hajdan, > Jr. napisał: >> Curious, do we have any measurements/estimates of the performance cost? > > With a single thread serial processing of all hashes, it's just sum of > times involved

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

W dniu sob, 21.10.2017 o godzinie 04∶08 +0200, użytkownik Chí-Thanh Christopher Nguyễn napisał: > Michał Górny schrieb: > > to: > > > > manifest-hashes = SHA512 SHA3_512 > > +1 > > Just wondering about the performance argument on weak systems: > Does Portage absolutely have to check all of

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

W dniu sob, 21.10.2017 o godzinie 04∶01 +0200, użytkownik Jason A. Donenfeld napisał: > Blake2 is in coreutils already, provides an excellent security margin, and > is considerably faster than both sha2 and sha3. > Yes, we've already switched the proposal to BLAKE2B. Although it is only faster

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

Blake2 is in coreutils already, provides an excellent security margin, and is considerably faster than both sha2 and sha3. On Oct 19, 2017 21:09, "Michał Górny" wrote: > Hi, everyone. > > The previous discussion on Manifest2 hashes pretty much died away > pending fixes to

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On Fri, Oct 20, 2017 at 8:04 AM, Kristian Fiskerstrand wrote: > On 10/20/2017 11:10 AM, Dirkjan Ochtman wrote: >> >> I support Hanno's suggestion of doing just SHA512, but would be >> interested in hearing opinions from others who have apparent >> security/crypto experience.

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

Hello, I missed some messages in the time I wrote my reply. This also touches on some of the points in Mr. Górny's other message about time. On Fri, Oct 20, 2017 at 6:38 PM, Michał Górny wrote: > W dniu pią, 20.10.2017 o godzinie 00∶20 +0200, użytkownik Francesco > Riosa

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

W dniu pią, 20.10.2017 o godzinie 18∶42 -0400, użytkownik Anton Molyboha napisał: > On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey wrote: > > > On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote: > > > > > On Thu, 19 Oct 2017 21:08:40 +0200 > > > Michał

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

W dniu pią, 20.10.2017 o godzinie 00∶20 +0200, użytkownik Francesco Riosa napisał: > 2017-10-19 23:00 GMT+02:00 Michał Górny : > > > W dniu czw, 19.10.2017 o godzinie 21∶08 +0200, użytkownik Michał Górny > > napisał: > > > > > > 4. The new hashes that are stronger and commonly

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On Fri, Oct 20, 2017 at 5:42 PM, Anton Molyboha wrote: > On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey > wrote: > >> On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote: >> >>> On Thu, 19 Oct 2017 21:08:40 +0200 >>> Michał

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On Thu, Oct 19, 2017 at 6:49 PM, Gordon Pettey wrote: > On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote: > >> On Thu, 19 Oct 2017 21:08:40 +0200 >> Michał Górny wrote: >> >> > manifest-hashes = SHA512 SHA3_512 >> >>

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

Hello, On Thu, Oct 19, 2017 at 2:08 PM, Michał Górny wrote: > Hi, everyone. > > The previous discussion on Manifest2 hashes pretty much died away > pending fixes to Portage. Since Portage was fixed a while ago, and we > can now safely switch, I'd like to reboot the discussion

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

W dniu pią, 20.10.2017 o godzinie 17∶42 +0200, użytkownik Paweł Hajdan, Jr. napisał: > On 19/10/2017 21:08, Michał Górny wrote: > > Considering all arguments made so far, I'd like to propose changing: > > manifest-hashes = SHA256 SHA512 WHIRLPOOL > > to: > > manifest-hashes = SHA512 SHA3_512 >

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On 19/10/2017 21:08, Michał Górny wrote: > Considering all arguments made so far, I'd like to propose changing: > manifest-hashes = SHA256 SHA512 WHIRLPOOL > to: > manifest-hashes = SHA512 SHA3_512 +1, fine for me > 1. The main argument for using multiple hashes is to prevent the (very >

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On Fri, Oct 20, 2017 at 6:04 AM, Kristian Fiskerstrand wrote: > On 10/20/2017 11:10 AM, Dirkjan Ochtman wrote: >> >> I support Hanno's suggestion of doing just SHA512, but would be >> interested in hearing opinions from others who have apparent >> security/crypto experience.

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On 10/20/2017 03:05 PM, Michael Orlitzky wrote: > Every WiFi network on the planet essentially became Starbucks overnight > on Sunday->Monday, so in my opinion we shouldn't bet against immediate > and catastrophic failure of anything, no matter how well-tested. Post Hoc ergo Propter Hoc --

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On 10/19/2017 06:32 PM, Hanno Böck wrote: > > Counterproposal: Just use SHA512. > > There isn't any evidence that any SHA2-based hash algorithm is going to > be broken any time soon. If that changes there will very likely be > decades of warning before a break becomes practical. > Every WiFi

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On 10/20/2017 11:10 AM, Dirkjan Ochtman wrote: > > I support Hanno's suggestion of doing just SHA512, but would be > interested in hearing opinions from others who have apparent > security/crypto experience. Maybe the Security project can weigh the > suggestions as well? > The whole discussion

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On Fri, 20 Oct 2017 11:23:06 +0200 Ulrich Mueller wrote: > > On Fri, 20 Oct 2017, Dirkjan Ochtman wrote: > > > As Hanno was saying, we'll have decades of warning before a break > > becomes practical, so I don't think this is a real concern. > > How can we be sure of

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On Fri, Oct 20, 2017 at 11:23 AM, Ulrich Mueller wrote: > > On Fri, 20 Oct 2017, Dirkjan Ochtman wrote: > > > As Hanno was saying, we'll have decades of warning before a break > > becomes practical, so I don't think this is a real concern. > > How can we be sure of that? I

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

> On Fri, 20 Oct 2017, Dirkjan Ochtman wrote: > As Hanno was saying, we'll have decades of warning before a break > becomes practical, so I don't think this is a real concern. How can we be sure of that? I guess the same reasoning was applied when MD5 and SHA1 hashes were used. > I think

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On Fri, Oct 20, 2017 at 12:49 AM, Gordon Pettey wrote: > On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote: > >> On Thu, 19 Oct 2017 21:08:40 +0200 >> Michał Górny wrote: >> >> > manifest-hashes = SHA512 SHA3_512 >> >>

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On Thu, Oct 19, 2017 at 5:32 PM, Hanno Böck wrote: > On Thu, 19 Oct 2017 21:08:40 +0200 > Michał Górny wrote: > > > manifest-hashes = SHA512 SHA3_512 > > Counterproposal: Just use SHA512. > > There isn't any evidence that any SHA2-based hash algorithm is

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

On Thu, 19 Oct 2017 21:08:40 +0200 Michał Górny wrote: > manifest-hashes = SHA512 SHA3_512 Counterproposal: Just use SHA512. There isn't any evidence that any SHA2-based hash algorithm is going to be broken any time soon. If that changes there will very likely be decades

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

2017-10-19 23:00 GMT+02:00 Michał Górny : > W dniu czw, 19.10.2017 o godzinie 21∶08 +0200, użytkownik Michał Górny > napisał: > > > > 4. The new hashes that are stronger and commonly available are > > SHA3/Keccak (using sponges) and BLAKE2 (HAIFA). Both are diverse from > > our

Re: [gentoo-dev] Manifest2 hashes, take n+1-th

W dniu czw, 19.10.2017 o godzinie 21∶08 +0200, użytkownik Michał Górny napisał: > > 4. The new hashes that are stronger and commonly available are > SHA3/Keccak (using sponges) and BLAKE2 (HAIFA). Both are diverse from > our current algorithms, so either is a good candidate. The choice of >