--- xml/htdocs/proj/en/glep/glep-0059.html 2010/01/31 08:50:52 1.7 +++ xml/htdocs/proj/en/glep/glep-0059.html 2010/02/07 10:39:52 1.10 @@ -27,9 +27,9 @@
This GLEP is not mandatory for the tree-signing specification, but +instead aims to improve the security of the hashes used in Manifest2. +As such, it is also able to stand on it's own.
08/2004 - 1 hour, IBM pSeries 690 (32x 1.7Ghz POWER4+) = 54.4 GHz-Hours -03/2005 - 8 hours, Pentium-M 1.6Ghz = 12.8 Ghz-Hours -11/2005 - 5 hours, Pentium-4 1.7Ghz = 8.5 Ghz-Hours -03/2006 - 1 minute, Pentium-4 3.2Ghz = .05 Ghz-Hours -04/2006 - 17 seconds, Pentium-4 3.2Ghz = .01 Ghz-Hours+
If we accept a factor of 800x as a sample of how much faster a checksum may be broken over the course of 2 years (MD5 using the above data is >2000x), then existing checksums do not stand a significant chance of @@ -146,14 +155,14 @@ available in a Manifest2, starting with the strongest ones as maintained by a preference list. Over time, the weaker checksums should be removed from Manifest2 files, once all old Portage installations have had -sufficient time to upgrade. We should be prepared to add stronger -checksums wherever possible, and to remove those that have been -defeated.+sufficient time to upgrade. Stronger checksums shall be added as soon as +an implementation is available in Portage. Weak checksums may be removed +as long as the depreciation process is followed (see below).
As soon as feasible, we should add the SHA512 and WHIRLPOOL algorithms. In future, as stream-based checksums are developed (in response to the development by NIST [AHS]), they should be considered and used.
The SHA512 algorithm is available in Python 2.5, which has been a -dependency of Portage since approximately Python 220.127.116.11.+dependency of Portage since approximately Portage 18.104.22.168.
The WHIRLPOOL checksum is not available within the PyCrypto library or hashlib that is part of Python 2.5, but there are multiple alternative Python implementations available, ranging from pure Python to C-based @@ -163,25 +172,49 @@
A minimum set of depreciated checksums shall be maintained only to +support old package manager versions where needed by historically used +trees:+
For the current Portage, both SHA1 and RIPEMD160 should be immediately removed, as they present no advantages over the already present SHA256. SHA256 cannot be replaced immediately with SHA512, as existing Portage versions need at least one supported algorithm present (SHA256 support was added in June 2006), so it must be retained for some while.-
Immediately: -- Add WHIRLPOOL and SHA512. -- Remove SHA1 and RIPEMD160.-
After the majority of Portage installations include SHA512 support: -- Remove SHA256.+
After the majority of Portage installations include SHA512 support:+
Old versions of Portage may support and expect only specific checksums. This is accounted for in the checksum depreciation discussion.+
For maximum compatiability, we should only have to include each of the +old algorithms that we are officially still supporting, as well as the +new ones that we prefer.