| 1 | GLEP: 59 |
1 | GLEP: 59 |
| 2 | Title: Manifest2 hash policies and security implications |
2 | Title: Manifest2 hash policies and security implications |
| 3 | Version: $Revision: 1.6 $ |
3 | Version: $Revision: 1.7 $ |
| 4 | Last-Modified: $Date: 2010/01/31 09:55:43 $ |
4 | Last-Modified: $Date: 2010/02/02 05:49:27 $ |
| 5 | Author: Robin Hugh Johnson <robbat2@gentoo.org>, |
5 | Author: Robin Hugh Johnson <robbat2@gentoo.org>, |
| 6 | Status: Draft |
6 | Status: Draft |
| 7 | Type: Standards Track |
7 | Type: Standards Track |
| 8 | Content-Type: text/x-rst |
8 | Content-Type: text/x-rst |
| 9 | Requires: 44 |
9 | Requires: 44 |
| … | |
… | |
| 103 | As soon as feasible, we should add the SHA512 and WHIRLPOOL algorithms. |
103 | As soon as feasible, we should add the SHA512 and WHIRLPOOL algorithms. |
| 104 | In future, as stream-based checksums are developed (in response to the |
104 | In future, as stream-based checksums are developed (in response to the |
| 105 | development by NIST [AHS]), they should be considered and used. |
105 | development by NIST [AHS]), they should be considered and used. |
| 106 | |
106 | |
| 107 | The SHA512 algorithm is available in Python 2.5, which has been a |
107 | The SHA512 algorithm is available in Python 2.5, which has been a |
| 108 | dependency of Portage since approximately Python 2.1.6.13. |
108 | dependency of Portage since approximately Portage 2.1.6.13. |
| 109 | |
109 | |
| 110 | The WHIRLPOOL checksum is not available within the PyCrypto library or |
110 | The WHIRLPOOL checksum is not available within the PyCrypto library or |
| 111 | hashlib that is part of Python 2.5, but there are multiple alternative |
111 | hashlib that is part of Python 2.5, but there are multiple alternative |
| 112 | Python implementations available, ranging from pure Python to C-based |
112 | Python implementations available, ranging from pure Python to C-based |
| 113 | (python-mhash). |
113 | (python-mhash). |
| … | |
… | |
| 132 | |
132 | |
| 133 | Backwards Compatibility |
133 | Backwards Compatibility |
| 134 | ======================= |
134 | ======================= |
| 135 | Old versions of Portage may support and expect only specific checksums. |
135 | Old versions of Portage may support and expect only specific checksums. |
| 136 | This is accounted for in the checksum depreciation discussion. |
136 | This is accounted for in the checksum depreciation discussion. |
|
|
137 | |
|
|
138 | For maximum compatiability, we should only have to include each of the |
|
|
139 | old algorithms that we are officially still supporting, as well as the |
|
|
140 | new ones that we prefer. |
| 137 | |
141 | |
| 138 | References |
142 | References |
| 139 | ========== |
143 | ========== |
| 140 | |
144 | |
| 141 | [AHS] NIST (2007). "NIST's Plan for New Cryptographic Hash Functions", |
145 | [AHS] NIST (2007). "NIST's Plan for New Cryptographic Hash Functions", |
Parent Directory
| 
Revision Log
| 
Patch