git@vger.kernel.org mailing list mirror (one of many)
From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
To: Eric Deplagne <Eric@Deplagne.name>
Cc: "brian m. carlson" <sandals@crustytoothpaste.net>,
	Jonathan Nieder <jrnieder@gmail.com>,
	git@vger.kernel.org, demerphq <demerphq@gmail.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Adam Langley <agl@google.com>,
	The Keccak Team <keccak@noekeon.org>
Subject: Re: Hash algorithm analysis
Date: Thu, 26 Jul 2018 12:05:03 +0200 (DST)
Message-ID: <nycvar.QRO.7.76.6.1807261157560.71@tvgsbejvaqbjf.bet> (raw)
In-Reply-To: <20180722145506.GL11431@mail.eric.deplagne.name>


Hi Eric,

On Sun, 22 Jul 2018, Eric Deplagne wrote:

> On Sun, 22 Jul 2018 14:21:48 +0000, brian m. carlson wrote:
> > On Sun, Jul 22, 2018 at 11:34:42AM +0200, Eric Deplagne wrote:
> > > On Sat, 21 Jul 2018 23:59:41 +0000, brian m. carlson wrote:
> > > > I don't know your colleagues, and they haven't commented here.  One
> > > > person that has commented here is Adam Langley.  It is my impression
> > > > (and anyone is free to correct me if I'm incorrect) that he is indeed a
> > > > cryptographer.  To quote him[0]:
> > > > 
> > > >   I think this group can safely assume that SHA-256, SHA-512, BLAKE2,
> > > >   K12, etc are all secure to the extent that I don't believe that making
> > > >   comparisons between them on that axis is meaningful. Thus I think the
> > > >   question is primarily concerned with performance and implementation
> > > >   availability.
> > > > 
> > > >   […]
> > > > 
> > > >   So, overall, none of these choices should obviously be excluded. The
> > > >   considerations at this point are not cryptographic and the tradeoff
> > > >   between implementation ease and performance is one that the git
> > > >   community would have to make.
> > > 
> > >   Am I completely out of the game, or the statement that
> > >     "the considerations at this point are not cryptographic"
> > >   is just the wrongest ?
> > > 
> > >   I mean, if that was true, would we not be sticking to SHA1 ?
> > 
> > I snipped a portion of the context, but AGL was referring to the
> > considerations involved in choosing from the proposed ones for NewHash.
> > In context, he meant that the candidates for NewHash “are all secure”
> > and are therefore a better choice than SHA-1.
> 
>   Maybe a little bit sensitive, but I really did read
>     "we don't care if it's weak or strong, that's not the matter".

Thank you for your concern. I agree that we need to be careful in
considering the security implications. We made that mistake before (IIRC
there was a cryptographer who was essentially shouted off the list when he
suggested *not* to hard-code SHA-1), and we should absolutely refrain from
making that same mistake again.

> > I think we can all agree that SHA-1 is weak and should be replaced.

Indeed.

So at this point, we already excluded pretty much all the unsafe options
(although it does concern me that BLAKE2b has been weakened purposefully,
I understand the reasoning, but still).

Which means that by now, considering the security implications of the
cipher is no longer a criterion that helps us whittle down the candidates
further.

So from my point of view, there are two criteria that can help us
further:

- Which cipher is the least likely to be broken (or just weakened by new
  attacks)?

- As energy considerations are not only ecologically inspired, but also
  a matter of money for electricity: which cipher is most likely to get
  decent hardware support any time soon?

Even if my original degree (prime number theory) is closer to
cryptanalysis than pretty much all other prolific core Git contributors, I
do not want you to trust *my* word on answering those questions.

Therefore, I will ask my colleagues to enter the hornet's nest that is
this mailing list.

Ciao,
Dscho

Thread overview: 66+ messages
2018-06-09 20:56 State of NewHash work, future directions, and discussion brian m. carlson
2018-06-09 21:26 ` Ævar Arnfjörð Bjarmason
2018-06-09 22:49 ` Hash algorithm analysis brian m. carlson
2018-06-11 19:29   ` Jonathan Nieder
2018-06-11 20:20     ` Linus Torvalds
2018-06-11 23:27       ` Ævar Arnfjörð Bjarmason
2018-06-12  0:11         ` David Lang
2018-06-12  0:45         ` Linus Torvalds
2018-06-11 22:35     ` brian m. carlson
2018-06-12 16:21       ` Gilles Van Assche
2018-06-13 23:58         ` brian m. carlson
2018-06-15 10:33           ` Gilles Van Assche
2018-07-20 21:52     ` brian m. carlson
2018-07-21  0:31       ` Jonathan Nieder
2018-07-21 19:52       ` Ævar Arnfjörð Bjarmason
2018-07-21 20:25         ` brian m. carlson
2018-07-21 22:38       ` Johannes Schindelin
2018-07-21 23:09         ` Linus Torvalds
2018-07-21 23:59         ` brian m. carlson
2018-07-22  9:34           ` Eric Deplagne
2018-07-22 14:21             ` brian m. carlson
2018-07-22 14:55               ` Eric Deplagne
2018-07-26 10:05                 ` Johannes Schindelin [this message]
2018-07-22 15:23           ` Joan Daemen
2018-07-22 18:54             ` Adam Langley
2018-07-26 10:31             ` Johannes Schindelin
2018-07-23 12:40           ` demerphq
2018-07-23 12:48             ` Sitaram Chamarty
2018-07-23 12:55               ` demerphq
2018-07-23 18:23               ` Linus Torvalds
2018-07-23 17:57             ` Stefan Beller
2018-07-23 18:35             ` Jonathan Nieder
2018-07-24 19:01       ` Edward Thomson
2018-07-24 20:31         ` Linus Torvalds
2018-07-24 20:49           ` Jonathan Nieder
2018-07-24 21:13           ` Junio C Hamano
2018-07-24 22:10             ` brian m. carlson
2018-07-30  9:06               ` Johannes Schindelin
2018-07-30 20:01                 ` Dan Shumow
2018-08-03  2:57                   ` Jonathan Nieder
2018-09-18 15:18                   ` Joan Daemen
2018-09-18 15:32                     ` Jonathan Nieder
2018-09-18 16:50                     ` Linus Torvalds
2018-07-25  8:30             ` [PATCH 0/2] document that NewHash is now SHA-256 Ævar Arnfjörð Bjarmason
2018-07-25  8:30             ` [PATCH 1/2] doc hash-function-transition: note the lack of a changelog Ævar Arnfjörð Bjarmason
2018-07-25  8:30             ` [PATCH 2/2] doc hash-function-transition: pick SHA-256 as NewHash Ævar Arnfjörð Bjarmason
2018-07-25 16:45               ` Junio C Hamano
2018-07-25 17:25                 ` Jonathan Nieder
2018-07-25 21:32                   ` Junio C Hamano
2018-07-26 13:41                     ` [PATCH v2 " Ævar Arnfjörð Bjarmason
2018-08-03  7:20                       ` Jonathan Nieder
2018-08-03 16:40                         ` Junio C Hamano
2018-08-03 17:01                           ` Linus Torvalds
2018-08-03 16:42                         ` Linus Torvalds
2018-08-03 17:43                         ` Ævar Arnfjörð Bjarmason
2018-08-04  8:52                           ` Jonathan Nieder
2018-08-03 17:45                         ` brian m. carlson
2018-07-25 22:56                 ` [PATCH " brian m. carlson
2018-06-11 21:19   ` Hash algorithm analysis Ævar Arnfjörð Bjarmason
2018-06-21  8:20     ` Johannes Schindelin
2018-06-21 22:39     ` brian m. carlson
2018-06-11 18:09 ` State of NewHash work, future directions, and discussion Duy Nguyen
2018-06-12  1:28   ` brian m. carlson
2018-06-11 19:01 ` Jonathan Nieder
2018-06-12  2:28   ` brian m. carlson
2018-06-12  2:42     ` Jonathan Nieder
