From: "brian m. carlson" <sandals@crustytoothpaste.net> To: Johannes Schindelin <Johannes.Schindelin@gmx.de> Cc: Jonathan Nieder <jrnieder@gmail.com>, git@vger.kernel.org, demerphq <demerphq@gmail.com>, Linus Torvalds <torvalds@linux-foundation.org>, Adam Langley <agl@google.com>, The Keccak Team <keccak@noekeon.org> Subject: Re: Hash algorithm analysis Date: Sat, 21 Jul 2018 23:59:41 +0000 [thread overview] Message-ID: <20180721235941.GG18502@genre.crustytoothpaste.net> (raw) In-Reply-To: <nycvar.QRO.7.76.6.1807220036340.71@tvgsbejvaqbjf.bet> [-- Attachment #1: Type: text/plain, Size: 3089 bytes --] On Sun, Jul 22, 2018 at 12:38:41AM +0200, Johannes Schindelin wrote: > Do you really want to value contributors' opinion more than > cryptographers'? I mean, that's exactly what got us into this hard-coded > SHA-1 mess in the first place. I agree (believe me, of all people, I agree) that hard-coding SHA-1 was a bad choice in retrospect. But I've solicited contributors' opinions because the Git Project needs to make a decision *for this project* about the algorithm we're going to use going forward. > And to set the record straight: I do not have a strong preference of the > hash algorithm. But cryprographers I have the incredible luck to have > access to, by virtue of being a colleague, did mention their preference. I don't know your colleagues, and they haven't commented here. One person that has commented here is Adam Langley. It is my impression (and anyone is free to correct me if I'm incorrect) that he is indeed a cryptographer. To quote him[0]: I think this group can safely assume that SHA-256, SHA-512, BLAKE2, K12, etc are all secure to the extent that I don't believe that making comparisons between them on that axis is meaningful. Thus I think the question is primarily concerned with performance and implementation availability. […] So, overall, none of these choices should obviously be excluded. The considerations at this point are not cryptographic and the tradeoff between implementation ease and performance is one that the git community would have to make. I'm aware that cryptographers tend to prefer algorithms that have been studied longer over ones that have been studied less. They also prefer algorithms built in the open to ones developed behind closed doors. SHA-256 has the benefit that it has been studied for a long time, but it was also designed in secret by the NSA. SHA3-256 was created with significant study in the open, but is not as mature. BLAKE2b has been incorporated into standards like Argon2, but has been weakened slightly for performance. I'm not sure that there's a really obvious choice here. I'm at the point where to continue the work that I'm doing, I need to make a decision. I'm happy to follow the consensus if there is one, but it does not appear that there is. I will admit that I don't love making this decision by myself, because right now, whatever I pick, somebody is going to be unhappy. I want to state, unambiguously, that I'm trying to make a decision that is in the interests of the Git Project, the community, and our users. I'm happy to wait a few more days to see if a consensus develops; if so, I'll follow it. If we haven't come to one by, say, Wednesday, I'll make a decision and write my patches accordingly. The community is free, as always, to reject my patches if taking them is not in the interest of the project. [0] https://public-inbox.org/git/CAL9PXLzhPyE+geUdcLmd=pidT5P8eFEBbSgX_dS88knz2q_LSw@mail.gmail.com/ -- brian m. carlson: Houston, Texas, US OpenPGP: https://keybase.io/bk2204 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 867 bytes --]
next prev parent reply other threads:[~2018-07-22 0:02 UTC|newest] Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-06-09 20:56 State of NewHash work, future directions, and discussion brian m. carlson 2018-06-09 21:26 ` Ævar Arnfjörð Bjarmason 2018-06-09 22:49 ` Hash algorithm analysis brian m. carlson 2018-06-11 19:29 ` Jonathan Nieder 2018-06-11 20:20 ` Linus Torvalds 2018-06-11 23:27 ` Ævar Arnfjörð Bjarmason 2018-06-12 0:11 ` David Lang 2018-06-12 0:45 ` Linus Torvalds 2018-06-11 22:35 ` brian m. carlson 2018-06-12 16:21 ` Gilles Van Assche 2018-06-13 23:58 ` brian m. carlson 2018-06-15 10:33 ` Gilles Van Assche 2018-07-20 21:52 ` brian m. carlson 2018-07-21 0:31 ` Jonathan Nieder 2018-07-21 19:52 ` Ævar Arnfjörð Bjarmason 2018-07-21 20:25 ` brian m. carlson 2018-07-21 22:38 ` Johannes Schindelin 2018-07-21 23:09 ` Linus Torvalds 2018-07-21 23:59 ` brian m. carlson [this message] 2018-07-22 9:34 ` Eric Deplagne 2018-07-22 14:21 ` brian m. carlson 2018-07-22 14:55 ` Eric Deplagne 2018-07-26 10:05 ` Johannes Schindelin 2018-07-22 15:23 ` Joan Daemen 2018-07-22 18:54 ` Adam Langley 2018-07-26 10:31 ` Johannes Schindelin 2018-07-23 12:40 ` demerphq 2018-07-23 12:48 ` Sitaram Chamarty 2018-07-23 12:55 ` demerphq 2018-07-23 18:23 ` Linus Torvalds 2018-07-23 17:57 ` Stefan Beller 2018-07-23 18:35 ` Jonathan Nieder 2018-07-24 19:01 ` Edward Thomson 2018-07-24 20:31 ` Linus Torvalds 2018-07-24 20:49 ` Jonathan Nieder 2018-07-24 21:13 ` Junio C Hamano 2018-07-24 22:10 ` brian m. carlson 2018-07-30 9:06 ` Johannes Schindelin 2018-07-30 20:01 ` Dan Shumow 2018-08-03 2:57 ` Jonathan Nieder 2018-09-18 15:18 ` Joan Daemen 2018-09-18 15:32 ` Jonathan Nieder 2018-09-18 16:50 ` Linus Torvalds 2018-07-25 8:30 ` [PATCH 0/2] document that NewHash is now SHA-256 Ævar Arnfjörð Bjarmason 2018-07-25 8:30 ` [PATCH 1/2] doc hash-function-transition: note the lack of a changelog Ævar Arnfjörð Bjarmason 2018-07-25 8:30 ` [PATCH 2/2] doc hash-function-transition: pick SHA-256 as NewHash Ævar Arnfjörð Bjarmason 2018-07-25 16:45 ` Junio C Hamano 2018-07-25 17:25 ` Jonathan Nieder 2018-07-25 21:32 ` Junio C Hamano 2018-07-26 13:41 ` [PATCH v2 " Ævar Arnfjörð Bjarmason 2018-08-03 7:20 ` Jonathan Nieder 2018-08-03 16:40 ` Junio C Hamano 2018-08-03 17:01 ` Linus Torvalds 2018-08-03 16:42 ` Linus Torvalds 2018-08-03 17:43 ` Ævar Arnfjörð Bjarmason 2018-08-04 8:52 ` Jonathan Nieder 2018-08-03 17:45 ` brian m. carlson 2018-07-25 22:56 ` [PATCH " brian m. carlson 2018-06-11 21:19 ` Hash algorithm analysis Ævar Arnfjörð Bjarmason 2018-06-21 8:20 ` Johannes Schindelin 2018-06-21 22:39 ` brian m. carlson 2018-06-11 18:09 ` State of NewHash work, future directions, and discussion Duy Nguyen 2018-06-12 1:28 ` brian m. carlson 2018-06-11 19:01 ` Jonathan Nieder 2018-06-12 2:28 ` brian m. carlson 2018-06-12 2:42 ` Jonathan Nieder
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style List information: http://vger.kernel.org/majordomo-info.html * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20180721235941.GG18502@genre.crustytoothpaste.net \ --to=sandals@crustytoothpaste.net \ --cc=Johannes.Schindelin@gmx.de \ --cc=agl@google.com \ --cc=demerphq@gmail.com \ --cc=git@vger.kernel.org \ --cc=jrnieder@gmail.com \ --cc=keccak@noekeon.org \ --cc=torvalds@linux-foundation.org \ --subject='Re: Hash algorithm analysis' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
Code repositories for project(s) associated with this inbox: https://80x24.org/mirrors/git.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).