Uzair Farooq:
> Hey,
>
>> How long does it take to get a successful result of the verification
>> extension on your machine?
>
> It took half an hour for us. We haven't processed such large SHA files
> previously so I wasn't aware that it could take this long. Again, the
> problem here is that the JavaScript implementation of the SHA algo is not
> efficient enough. We can try some other SHA libraries but I don't
> expect they will make a considerable difference.

Looking at this benchmark:
https://github.com/brillout/test-javascript-hash-implementations
I can see a >10x speed difference between different implementations, so I think
it's worth looking into this, so let's hope you picked a comparatively slow
library. :)

Regarding the time it takes to do the computation:

- 30 minutes is just too long to expect our users to wait (in addition to the
  download), to the point where I think we'd decide to drop the whole extension
  idea. :/
- Ideally calculating the checksum should take less than 1 minute.
- If we can't get that fast, we might have to add a progress bar to the
  computation: we can't expect people to wait several minutes without any
  indication of how long the whole process will take. With a progress bar maybe
  up to 5? 10? minutes maximum would be acceptable.

So, can you please look at the top candidates among those implementations and
report back your measurements? Of course, we're only interested in "streaming"
variants, that can calculate the digest chunk-by-chunk, so not the whole ISO
image has to be read into RAM at the same time.

>> So do you confirm that we won't be able to do certificate pinning in the
>> new extension?
>
> Yeah, unfortunately not possible with WebExtensions.

That's unfortunate, but not catastrophic (users visit our web page without
certificate pinning involved). We'll discuss internally what to do about this
(if anything) but for now let's focus on solving the issue around hashing first
as it's a critical one.

Cheers!