Re: [dev] Checksums and Sig files for release gzip

From: Mattias Andrée <maandree_AT_kth.se>
Date: Tue, 13 Apr 2021 20:48:15 +0200

On Tue, 13 Apr 2021 20:17:37 +0200
Markus Wichmann <nullplan_AT_gmx.net> wrote:

> On Tue, Apr 13, 2021 at 05:08:31PM +0200, Mattias Andrée wrote:
> > On Tue, 13 Apr 2021 16:57:39 +0200
> > Sagar Acharya <sagaracharya_AT_tutanota.com> wrote:
> >
> > > Sure, any good signature. SHA512 is stronger than SHA1, MD5 and SHA256. It shouldn't take a second more than others. Why use a weaker checksum?
> >
> > SHA512 is actually more than twice as fast as SHA256 on 64-bit machines.
> > (I don't know which is stronger).
> >
>
> Y'know, while we're bikeshedding, why not just use SHA-3? Keccak has
> been out for a while now, and it is also available in 256 and 512 bit
> variants. I keep wondering why people keep using SHA-2 variants. Do you
> want to wait until it is cracked?

I use SHA-3 :) But interesting, even though Keccak (from which SHA-3 is
derived) won over BLAKE2, BLAKE2 seems to be more popular.

>
> SHA-3 would have the benefit of always being a 64-bit algorithm (unlike
> SHA-2, which is 32-bit in the 192 and 256 bit variants, and 64-bit in
> the 384 and 512 bit variants, necessitating two very similar processing
> functions in C).

SHA-3 may be 64-bit, it's just a set of four special configurations of
Keccak, which does not have restrictions at all, which complicates the
algorithm. Just like you would just choose SHA-3 and not Keccak, and
one specific version of it, you would only choose one specific version
of SHA-2, so if you only implement that version, you can get rid of these
complexities. However, in the real world, applications would implement
all, or at least four, of the SHA-2 versions, which only require two
distinct, simple implementations. With SHA-3, you can get rid of some
complexity by restricting the implementation to SHA-3, but wouldn't
you implement it via Keccak, so you easily can implement all variants
of Keccak? (When I implemented sha3sum, SHA-3 was not defined yet, we
only had Keccak, so I had to implement it with all those complexities,
then I just left it when SHA-3 was finalised, so it could support more
hashing algorithms.)

> Its design also makes HMAC easier, though this is not
> of import for this application.
>
> > I see no point in having checksums at all, except for detecting bitrot.
> > Signatures are of course good.
> >
>
> Signatures only help if you have a known-good public key. Anyone can
> create a key and claim it belongs to, say, Barack Obama. I have no
> public key of anyone affiliated with suckless, and no way to verify if
> any key I get off of a keyserver is actually one of theirs.

That's where the idea of web of trust comes in. During slcon, we can
have key signing parties. Then other people can sign our keys, and
eventually there is a chain from someone you trust to the suckless
developers. Additionally, the developers can host their signed keys
on other websites, including their own. Then, if you get them off multiple
servers, including well-known ones, they are fairly trustable.

>
> Security is hard.
>
> Ciao,
> Markus
>
Received on Tue Apr 13 2021 - 20:48:15 CEST
