tech-pkg archive


Re: Adding SHA-512 to the list of digests



   Date: Thu, 8 Oct 2015 21:23:51 +0200
   From: Tobias Nygren <tnn%NetBSD.org@localhost>

   On Thu, 8 Oct 2015 11:21:55 -0700
   Alistair Crooks <agc%pkgsrc.org@localhost> wrote:

   > -_DIGEST_ALGORITHMS?=   SHA1 RMD160
   > +_DIGEST_ALGORITHMS?=   SHA1 RMD160 SHA512
   >  _PATCH_DIGEST_ALGORITHMS?=     SHA1
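
Review bot: the context line `_PATCH_DIGEST_ALGORITHMS?=     SHA1` stays unchanged, so patch files are still checked by SHA1 alone while distfiles gain SHA512. If that is intentional, the commit message should say why; otherwise add SHA512 to the patch digest list in the same change so both lists move together.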

   I'm not up to date on the crypto stuff, but do we gain anything
   significant in terms of security by keeping SHA1 in the list? Replacing
   a digest algorithm is "almost free", but adding one has a nonzero
   performance penalty.

In the long run, I don't think we gain anything by continuing to use
SHA-1, but we ought to wait until ~everything has SHA-512 hashes
before we stop verifying the SHA-1 hashes -- otherwise it would expose
us to any problems in RMD160, which gets relatively little public
scrutiny.
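
The reply's point, as an added example that is not part of the original message or of pkgsrc: a Python check over a distinfo file that lists the distfiles which would be left on RMD160 alone if SHA1 verification were dropped before they have a SHA512 entry. The sample distinfo and its digest values are constructed, and treating names that begin with patch- as patch files is an assumption.

```python
import re

# pkgsrc distinfo digest lines look like: ALGO (filename) = hexdigest
DIGEST_LINE = re.compile(r"^([A-Z0-9]+) \((\S+)\) = ([0-9a-f]+)$")

# Constructed sample distinfo; file names and digest values are made up.
SAMPLE = "\n".join([
    "$NetBSD$",
    "",
    "SHA1 (foo-1.0.tar.gz) = " + "a" * 40,
    "RMD160 (foo-1.0.tar.gz) = " + "b" * 40,
    "SHA512 (foo-1.0.tar.gz) = " + "c" * 128,
    "Size (foo-1.0.tar.gz) = 12345 bytes",
    "SHA1 (bar-2.3.tar.gz) = " + "d" * 40,
    "RMD160 (bar-2.3.tar.gz) = " + "e" * 40,
    "Size (bar-2.3.tar.gz) = 678 bytes",
    "SHA1 (patch-aa) = " + "f" * 40,
])

def parse_distinfo(text):
    """Map each file name to the set of digest algorithms recorded for it."""
    entries = {}
    for line in text.splitlines():
        m = DIGEST_LINE.match(line.strip())
        if m:  # skips the RCS id line, blank lines and "Size (...) = N bytes"
            algo, name, _digest = m.groups()
            entries.setdefault(name, set()).add(algo)
    return entries

def remaining_after_drop(entries, dropped="SHA1"):
    """Per distfile, the algorithms still verified once `dropped` is ignored."""
    return {name: algos - {dropped}
            for name, algos in entries.items()
            if not name.startswith("patch-")}  # assumption: patches are patch-*

def blockers(entries, dropped="SHA1", required="SHA512"):
    """Distfiles that lack `required`, so dropping `dropped` weakens them."""
    left = remaining_after_drop(entries, dropped)
    return sorted(name for name, algos in left.items() if required not in algos)

if __name__ == "__main__":
    entries = parse_distinfo(SAMPLE)
    for name in blockers(entries):
        rest = ", ".join(sorted(remaining_after_drop(entries)[name]))
        print(f"{name}: only {rest} would remain; keep verifying SHA1")
```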

