Re: Let's shrink Packages.xz
Peter Palfrader <email@example.com> writes:
> On Mon, 14 Jul 2014, Russ Allbery wrote:
>> Using multiple hashes gives us some theoretical robustness against a
>> break in one of the hash functions provided that all clients check all
>> the hashes and the hashes would fail independently (which is likely).
> I would like to see some supporting evidence for the claim that they
> will likely fail independently. In particular given that they are all
> the same construct.
SHA-1 and SHA-2 are relatively independent constructions, so it seems
intuitive to me that achieving a hash collision simultaneously with both
constructions would be harder than finding a hash collision for either of
I admit that this argument is much stronger for SHA-2 and SHA-3, where
there is no commonality at all between the algorithms (that I know of).
> I think just having a single, strong hash in Packages ought to be
...I agree with this. I think that, even if this approach works and all
the clients check, the level of additional security that we get from
having multiple hashes isn't worth the overhead.
Russ Allbery (firstname.lastname@example.org) <http://www.eyrie.org/~eagle/>