tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Adding SHA-512 to the list of digests

Oh, nice, thanks! My problem with blake2 has always been that (with no
disrespect to Zooko and co) the much-vaunted speed is achieved by the
use of assembly; your portable C versions are nice for the
cross-platform aspect of pkgsrc, thanks. (I also have versions of
these in C in multigest, but my problem has always been that I
couldn't find reference vectors for them).

WRT reducing CPU cycles - I'm not paranoid to think that pkgsrc is a
primary target for anyone wanting to spend $100K on a GPU farm, and
calculation of digests is fairly insignificant in the face of the
shell gyrations that GNU configure goes through, but long-term I think
we should be getting rid of SHA1 and RMD160, and moving to SHA3-512
and SHA-512.

Yes, I'd like to have used sha3 instead of sha512 right now, but
they're not in (the program) digest, yet, and I think it would
probably take us at least a quarter to move to a new digest version -
so we should look to the end goal being sha512 and sha3-512, and look
to have everything in that form by 2016Q2. At the same time, we should
look at making digest into a library and a calling program - the
library would be useful to have for scripting languages and so many
other tools. Things have moved on from when digest was first written

On 8 October 2015 at 12:25, Taylor R Campbell
<> wrote:
>    Date: Thu, 8 Oct 2015 11:21:55 -0700
>    From: Alistair Crooks <>
>    For distfile checksums, I'd like to add SHA-512 to our current mix of
>    SHA-1 and RMD160.  [...]
>    In this way, pkgsrc distinfo files will be updated over time to have 3
>    digests, with a mopping up operation for some of the packages which
>    aren't so volatile.
>    Does anyone have any problems with this?
> Nope!  Please do it.
> Along with SHA-512, it might be nice to add a hash function with a
> substantially different design, e.g. BLAKE2b or SHA3-512 (now that it
> is finalized!), for improved diversity.  Dunno whether digest can
> handle them -- if not, I wrote simple portable C code for them here:
> Thoughts about planning to phase out SHA-1 and/or RMD160 later, to
> reduce the CPU cycles needed to verify distfiles?

Home | Main Index | Thread Index | Old Index