[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Let's shrink Packages.xz

ابراهیم محمدی <mebrahim@gmail.com> writes:

> Isn't a single (rather small) hash value enough for almost all users?

Using multiple hashes gives us some theoretical robustness against a break
in one of the hash functions provided that all clients check all the
hashes and the hashes would fail independently (which is likely).  The
basic idea is that it's much harder to come up with a simultaneoush hash
collision with both SHA-1 and SHA-2 than breaking either of them
independently.  I'm a bit dubious the clients actually check, though.
Also, it's questionable whether protecting against this theoretical
possibility is a good tradeoff.  If SHA-2 is broken suddenly, we have
larger problems than the integrity of the Packages file, and hopefully
we'd get a bit of advance warning (like we have with MD5) and be able to
introduce a new hash at that point.

MD5 may still be required for backward compatibility; otherwise, it's the
obvious one to drop.

If we were going to keep only one, we should keep SHA256, as that's the
most robust from a cryptographic standpoint at this point (SHA-3 may get
there, but is still too new), but obviously all the clients have to
support that.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: