Re: Adding SHA-512 to the list of digests

To: Taylor R Campbell <campbell+netbsd-tech-pkg%mumble.net@localhost>
Subject: Re: Adding SHA-512 to the list of digests
From: Alistair Crooks <agc%pkgsrc.org@localhost>
Date: Thu, 8 Oct 2015 13:36:02 -0700

Oh, nice, thanks! My problem with blake2 has always been that (with no
disrespect to Zooko and co) the much-vaunted speed is achieved by the
use of assembly; your portable C versions are nice for the
cross-platform aspect of pkgsrc, thanks. (I also have versions of
these in C in multigest, but my problem has always been that I
couldn't find reference vectors for them).

WRT reducing CPU cycles - I'm not paranoid to think that pkgsrc is a
primary target for anyone wanting to spend $100K on a GPU farm, and
calculation of digests is fairly insignificant in the face of the
shell gyrations that GNU configure goes through, but long-term I think
we should be getting rid of SHA1 and RMD160, and moving to SHA3-512
and SHA-512.

Yes, I'd like to have used sha3 instead of sha512 right now, but
they're not in (the program) digest, yet, and I think it would
probably take us at least a quarter to move to a new digest version -
so we should look to the end goal being sha512 and sha3-512, and look
to have everything in that form by 2016Q2. At the same time, we should
look at making digest into a library and a calling program - the
library would be useful to have for scripting languages and so many
other tools. Things have moved on from when digest was first written
:).

On 8 October 2015 at 12:25, Taylor R Campbell
<campbell+netbsd-tech-pkg%mumble.net@localhost> wrote:
>    Date: Thu, 8 Oct 2015 11:21:55 -0700
>    From: Alistair Crooks <agc%pkgsrc.org@localhost>
>
>    For distfile checksums, I'd like to add SHA-512 to our current mix of
>    SHA-1 and RMD160.  [...]
>
>    In this way, pkgsrc distinfo files will be updated over time to have 3
>    digests, with a mopping up operation for some of the packages which
>    aren't so volatile.
>
>    Does anyone have any problems with this?
>
> Nope!  Please do it.
>
> Along with SHA-512, it might be nice to add a hash function with a
> substantially different design, e.g. BLAKE2b or SHA3-512 (now that it
> is finalized!), for improved diversity.  Dunno whether digest can
> handle them -- if not, I wrote simple portable C code for them here:
>
> http://mumble.net/~campbell/hg/blake2/
> http://mumble.net/~campbell/hg/sha3/
>
>
> Thoughts about planning to phase out SHA-1 and/or RMD160 later, to
> reduce the CPU cycles needed to verify distfiles?
>

References:
- Adding SHA-512 to the list of digests
  - From: Alistair Crooks
- Re: Adding SHA-512 to the list of digests
  - From: Taylor R Campbell

Prev by Date: Re: Adding SHA-512 to the list of digests
Next by Date: Re: Adding SHA-512 to the list of digests
Previous by Thread: Re: Adding SHA-512 to the list of digests
Next by Thread: Re: Adding SHA-512 to the list of digests
Indexes:

Home | Main Index | Thread Index | Old Index