--- xml/htdocs/proj/en/glep/glep-0059.txt 2010/02/02 05:49:27 1.7 +++ xml/htdocs/proj/en/glep/glep-0059.txt 2010/02/07 10:39:52 1.8 @@ -1,7 +1,7 @@ GLEP: 59 Title: Manifest2 hash policies and security implications -Version: $Revision: 1.7 $ -Last-Modified: $Date: 2010/02/02 05:49:27 $ +Version: $Revision: 1.8 $ +Last-Modified: $Date: 2010/02/07 10:39:52 $ Author: Robin Hugh Johnson , Status: Draft Type: Standards Track @@ -58,11 +58,15 @@ estimated at 64 hours with a Pentium-3 1.7Ghz. This has gone down to less than in two years, to 17 seconds [K06a]. -08/2004 - 1 hour, IBM pSeries 690 (32x 1.7Ghz POWER4+) = 54.4 GHz-Hours -03/2005 - 8 hours, Pentium-M 1.6Ghz = 12.8 Ghz-Hours -11/2005 - 5 hours, Pentium-4 1.7Ghz = 8.5 Ghz-Hours -03/2006 - 1 minute, Pentium-4 3.2Ghz = .05 Ghz-Hours -04/2006 - 17 seconds, Pentium-4 3.2Ghz = .01 Ghz-Hours +- 08/2004 - 1 hour, IBM pSeries 690 (32x 1.7Ghz POWER4+) = 54.4 GHz-Hours + +- 03/2005 - 8 hours, Pentium-M 1.6Ghz = 12.8 Ghz-Hours + +- 11/2005 - 5 hours, Pentium-4 1.7Ghz = 8.5 Ghz-Hours + +- 03/2006 - 1 minute, Pentium-4 3.2Ghz = .05 Ghz-Hours + +- 04/2006 - 17 seconds, Pentium-4 3.2Ghz = .01 Ghz-Hours If we accept a factor of 800x as a sample of how much faster a checksum may be broken over the course of 2 years (MD5 using the above data is @@ -96,9 +100,9 @@ available in a Manifest2, starting with the strongest ones as maintained by a preference list. Over time, the weaker checksums should be removed from Manifest2 files, once all old Portage installations have had -sufficient time to upgrade. We should be prepared to add stronger -checksums wherever possible, and to remove those that have been -defeated. +sufficient time to upgrade. Stronger checksums shall be added as soon as +an implementation is available in Portage. Weak checksums may be removed +as long as the depreciation process is followed (see below). As soon as feasible, we should add the SHA512 and WHIRLPOOL algorithms. In future, as stream-based checksums are developed (in response to the @@ -117,6 +121,23 @@ Checksum depreciation timing ---------------------------- +General principles: +~~~~~~~~~~~~~~~~~~~ +A minimum set of depreciated checksums shall be maintained only to +support old package manager versions where needed by historically used +trees: + +- New package manager versions should NOT use depreciated checksums in + +- New trees with that have never used the depreciated checksums may omit + them for reasons of size, but are still strongly suggested to include + them. + +- Removal of depreciated checksums shall happen after no less than 18 + months or one major Portage version cycle, whichever is greater. + +Immediate plans: +~~~~~~~~~~~~~~~~ For the current Portage, both SHA1 and RIPEMD160 should be immediately removed, as they present no advantages over the already present SHA256. SHA256 cannot be replaced immediately with SHA512, as existing Portage @@ -124,10 +145,13 @@ was added in June 2006), so it must be retained for some while. Immediately: + - Add WHIRLPOOL and SHA512. + - Remove SHA1 and RIPEMD160. After the majority of Portage installations include SHA512 support: + - Remove SHA256. Backwards Compatibility