From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-devel-bounces+larch=yhetil.org@gnu.org>
Received: from mp12.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms5.migadu.com with LMTPS
	id 4AdaO3knu2KEowAAbAwnHQ
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 28 Jun 2022 18:08:26 +0200
Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp12.migadu.com with LMTPS
	id aGo4O3knu2IoewEAauVa8A
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 28 Jun 2022 18:08:25 +0200
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 69248EDD1
	for <larch@yhetil.org>; Tue, 28 Jun 2022 18:08:24 +0200 (CEST)
Received: from localhost ([::1]:57280 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	id 1o6DlH-0004aj-Ed
	for larch@yhetil.org; Tue, 28 Jun 2022 12:08:23 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:36490)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <me@tobias.gr>) id 1o6Dhw-00024j-56
 for guix-devel@gnu.org; Tue, 28 Jun 2022 12:04:56 -0400
Received: from tobias.gr ([2a02:c205:2020:6054::1]:36370)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <me@tobias.gr>) id 1o6Dht-0004v0-7n
 for guix-devel@gnu.org; Tue, 28 Jun 2022 12:04:55 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=TJHDxFjjmljKn
 t/fNILAfDBgkT6BUxcUWN2SMo5+ljc=;
 h=references:in-reply-to:subject:cc:
 to:from:date; d=tobias.gr; b=njR+fHYaUCvVAaS9Xdk3VDfRjrzs1MN5Qegb+esTY
 4XTn/C+haN8R5U/3zEJz1uasg3yYhZ8vBJXSiNjjFO1touS7n7Nc9Ier/T7Zhb5Fae1pM0
 HYfoxg55mu8EZ8uwtI2bLwFn4Yx6g33mAT6J4HrX09Aug+H/aTeIkUMrbkL30o82QcYl5n
 S3zC6uisdlxQ/6RkgVNor1daZsR/I8V0acT20+DkVLolY95OBQ9VgYUlqedflIBXXnZUO4
 0vvDiOYnz+uYo4K51ftiVOuciIPrxPgIpolGQAcaZoj+K7HScgcwaaT3wInfyk1/uGDhPG
 Y+q4+8X2A7jVWRojkis5w==
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id ddf31d24
 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); 
 Tue, 28 Jun 2022 16:04:46 +0000 (UTC)
Date: Tue, 28 Jun 2022 16:04:46 +0000
From: Tobias Geerinckx-Rice <me@tobias.gr>
To: guix-devel@gnu.org, Efraim Flashner <efraim@flashner.co.il>,
 Vagrant Cascadian <vagrant@reproducible-builds.org>
CC: Julien Lepiller <julien@lepiller.eu>,
 Felix Lechner <felix.lechner@gmail.com>
Subject: =?US-ASCII?Q?Re=3A_maradns_reproducibility_fixes_and?=
 =?US-ASCII?Q?_the_merits_of_picking_a_random_number?=
In-Reply-To: <YrrKMjNsCuSmOgFZ@3900XT>
References: <87pmjlfdjl.fsf@contorta>
 <CAFHYt54b-D6FrvkG8PvUayzjWkqW62LgJzgexXHqcggxENfV8w@mail.gmail.com>
 <310AD876-916E-4020-A87E-5609E8166432@lepiller.eu> <YqCMT5v2ls44PNoB@3900XT>
 <87a6amgak1.fsf@contorta> <87r13grv6a.fsf@contorta> <87leth7ev6.fsf@contorta>
 <YrrKMjNsCuSmOgFZ@3900XT>
Message-ID: <4BD0EAF3-DFA2-47B0-AFA0-AEAA2393F2A5@tobias.gr>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable
Autocrypt: addr=me@tobias.gr; keydata=
 mQINBFVks2ABEACjGBPhWf/qx0L9OhEIrAFTimo5dHa1FLy0AHaHvxmwYSIdJmERYGiNle1rcOvw
 cFRtu8KJUsrs27Vgoso3qHJpghVitUUf0v3ZuXQT9kfuQLz1Y8pyMzHwVFMLiJVj4Z3y7CJk+xyZ
 cpSAMbyPINbFVEhsK+z+8ojVGuaiucZkib6b67ySG6Pp1bon8xVvosj71ZRjfXh1t4X8laWO7fQq
 itT9lmc6DxbE/4vIhR+Vb2MblaA+DyHoNHGGao89h4CO99lfzWzsux41DnEG9d317sJRQTig6Wja
 EKHXZRA9FbfogD4SDa2uQYCpTJpsVjAyZyu2fuJ+t0zJJ+Ai9qDY87P6hOyd+/n8Eh2Y4TbxJiDo
 XUT72XY/RfPH1qrMIP3EI/NNL4LQeGG1n+625k3OVWcRVXG2vRrB6qurLmGkLEmjXWCFD9cCRGfH
 LeajLm9sM+t/nZPZ3btetcmK9tM2EwivyLUNhrTk73UUnI4CSAzdO2cISqo9zSMtFgj2alqd2fOR
 s7CKfEn+5PquruDbp/Ej7dOOrjgWSCXLDDYXRrtaKrLz/dhqq5ftFYi9tUTTQecFotM08fPtu+Kw
 JMP2ySHCkUqp0GvrUCeSRPAJZsmJrd535y+LlRhnqb0mbG4dgMa8A6xhkFYugnqldy/q7kX1EmRI
 686N7bA6fh1MCQARAQABtCRUb2JpYXMgR2VlcmluY2t4LVJpY2UgPG1lQHRvYmlhcy5ncj6JAlIE
 EwEKADwCHgECF4ACGQECGwMWIQT1vFU0w28Ah7OdNu8cncT+udt8SwUCXpe0rAYLCQgHCgQFFQoJ
 CAsFFgMCAQAACgkQHJ3E/rnbfEu5IhAAk+0BW/twLmx1xMmeXn+I7Ne6SG3++0TRBduEaGWV3n59
 lX6XPZUQdAPpS4uy0H+c90Owkw+aWUEwfyOWphrxZRtR2cCOP/3Pxj3Vgtz5RkY4u27lMj15jqa/
 p7l2l256ZKJOegr9TvOWtkhMp5lxeVHT6f/44Kv/r/8mMCgSnLXYrEWPE462xI+mIJOanHLJb6No
 f2xLRCvXoLLp7Yejjv1dwOO71R9PMRhtNy46pZM1ylQ++UTkeSocJw4aNtiu0DHOkX9AlNBkutIx
 x07RpO+MqJKlzzLeQiC/fE5+dR2itRONopwXAqN3MuT7MonQo5XifBn+VK8i9xZWTXZDkWItWtCC
 8oIj4zwxwFWiTmMwwSbI3Wdd/11Zw3CLc4Gd0M6NVgvAnuErQXSgr4lrWhZcncvi4L6EJTc9AUSa
 8UWPF+S9t+CHTukpJmcYnsccMkOBhT7OZlmWBsylrYK/JTRWqgWSHWdSKmOuLK+MGDneOZEHkEcf
 jeXRWvmG7MSU5tE/p7NDLIg9vkvhQV9b0q4OtY65uNWbRe2QRJaYMDcYUAeSZzivRa8VaoVen6tb
 FvH44zpCxubn23ABl9YIzwvJC++r+H2qLdLpy0cfITiZadZ74Ae0aosNw7XARS6OY+A03BfXyPiI
 2oW0jf/PdH9sh2mQrQxIQJ5cZz6Z3X0=
Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@tobias.gr;
 helo=tobias.gr
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: guix-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
X-Migadu-To: larch@yhetil.org
X-Migadu-Country: US
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1656432505;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	list-unsubscribe:list-subscribe:list-post:dkim-signature:autocrypt:autocrypt;
	bh=TJHDxFjjmljKnt/fNILAfDBgkT6BUxcUWN2SMo5+ljc=;
	b=ZNHdXXmvIwTjj1CgfQ3tDr8cYw8STmQAdYwjjnC0oavbYreDaw1bG5EoBBiMVqzN1d6Gtx
	G4dEL6L4DUGVoFAVylolER8l5rOEVKOX1dKxQwGQmzh40aLQVFq9OSB0bAw/Sm+mG3zxIV
	JDK6cxzJTPIhwNzCV89ATfyGuclwzBeGgwlbwV2UU1rzipZTpDXV1bKW54VrZ8dxVJaEVI
	rT4Yk+s04vMYwwxkuVLd7wPxBysoNFkW9lzcepzIRbfLsUO0pjcWNHPjZR56HC7CU+rhCa
	PemrssKFtijUrS20bJa5hhMMn5wAdSj5LOYib1TvQbQP3HVDiAlvconj50uPtA==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1656432505; a=rsa-sha256; cv=none;
	b=rkfVr+hfNQNdFSiY1IV/8YOyUT3CFvFIMQYZkLe/XTNrBkEhiTfjOumFKGBp9ZRuSLuiYt
	2Q48+jAXVVV9r3dIyS8qfRvNYB8ecrMD4IbM61BaS7fXyzVt9rCzck6QlvL1I4tXpMx2qN
	YKuJxPf/xeqB9ozZlim/QO5hNfShqsBSrbUkwmMWiBReF3QZuR2Q+PHsqhJTga/64EjCVb
	C5b01bunXcVGN9DQCz6vgTo0IPZKmE1KrxDl/Y4DmP17dShdJrn51FjGm01t2tTEWSS87w
	yQqDAuDj75Up5DkNZGWZxkKXsODn7Nw6fzPwqu2+l7sEPAs1pCzemZIMOEzgZA==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=pass header.d=tobias.gr header.s=2018 header.b=njR+fHYa;
	dmarc=pass (policy=reject) header.from=tobias.gr;
	spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Spam-Score: -1.25
Authentication-Results: aspmx1.migadu.com;
	dkim=pass header.d=tobias.gr header.s=2018 header.b=njR+fHYa;
	dmarc=pass (policy=reject) header.from=tobias.gr;
	spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Queue-Id: 69248EDD1
X-Spam-Score: -1.25
X-Migadu-Scanner: scn1.migadu.com
X-TUID: kS0m0hGt5mpj

Hi,

Vagrant said:
> It is expensive to generate the random prime on some hardware, so doing
> so at runtime might not be feasible in some cases=2E=2E=2E

But in the same reply you're paraphrasing, upstream also says:

> In 2010, I updated that homegrown hash compression
> algorithm to also add a random number when compressing
> the input, and calculating another 32-bit random number
> when Deadwood starts=2E
^^^^^^^^^^^^^^^^^^^^^^^

and

> I believe the hash compression algorithm is protected from hash
> bucket collision attacks, even if Deadwood is patched to make=20
> MUL_CONSTANT a constant number, since the add constant
> remains random=2E

so their 'too computationally expensive' does not make sense to me=2E  Do =
they bail out if generating the truly random part 'takes too long'?  Surely=
 not=2E

Neither does the 'ah, but your urandom might be broken' argument for silen=
tly substituting a still less random number=2E

I don't think this alone justifies the scheme, or disabling substitutes=2E

Kind regards,

T G-R

Sent on the go=2E  Excuse or enjoy my brevity=2E