From: Marius Bakke <mbakke@fastmail.com>
To: "Ludovic Courtès" <ludo@gnu.org>, 41382@debbugs.gnu.org
Cc: guix-devel@gnu.org
Subject: Re: [bug#41382] [PATCH 0/6] Allow for a cryptographic hash function migration
Date: Tue, 19 May 2020 20:00:34 +0200 [thread overview]
Message-ID: <87wo57reil.fsf@devup.no> (raw)
In-Reply-To: <871rnggf4d.fsf@gnu.org>
[-- Attachment #1: Type: text/plain, Size: 1971 bytes --]
Ludovic,
(+ guix-devel)
Ludovic Courtès <ludo@gnu.org> writes:
> Hello,
>
> Ludovic Courtès <ludo@gnu.org> skribis:
>
>> Another option would be to create a <hash> data type that specifies
>> its algorithm and its value. We’d replace the ‘sha256’ field with
>> a ‘hash’ field of that type (in a backward-compatible way). Thinking
>> about it, this is perhaps the better option.
>
> Here’s a v2 that does that: instead of adding a ‘sha512’ field to
> <origin>, it replaces the ‘sha256’ field with ‘hash’ and introduces a
> <content-hash> data type (similar to the <uuid> data type we have).
>
> One can now write things like:
>
> (origin
> ;; …
> (hash (content-hash (base64 "…") sha512)))
>
> Since it’s a bit verbose, one can also pass a literal string directly,
> in which case it’s base32-decoded:
>
> (origin
> ;; …
> (hash (content-hash "…")))
>
> ‘content-hash’ uses macrology to validate as much as possible at
> macro-expansion time.
>
> There’s a compatibility ‘origin’ macro intended to allow people to keep
> writing:
>
> (origin
> (url …)
> (method …)
> (sha256 …))
>
> and to automatically “convert” the ‘sha256’ field specification to a
> ‘content-hash’. Due to the way identifiers are matched, there are cases
> where we can’t preserve the illusion of compatibility, as can be seen
> with the patch below. Perhaps that’s acceptable, though.
>
> Thoughts?
This is a great initiative, and the patches LGTM.
I think that if we are to move away from SHA256, we should go with
something that is immune to length extension attacks[0] such as BLAKE2/3
or SHA-3 (Keccak).
Although I don't know any Guile implementations of those as of yet.
SHA512 does not improve much security-wise IMO, but maybe it's
worthwhile as s stop-gap.
0: https://en.wikipedia.org/wiki/Length_extension_attack
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
next prev parent reply other threads:[~2020-05-19 18:00 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-18 21:31 [bug#41382] [PATCH 0/6] Allow for a cryptographic hash function migration Ludovic Courtès
2020-05-18 21:32 ` [bug#41382] [PATCH 1/6] tests: Test 'add-to-store' with several hash algorithms Ludovic Courtès
2020-05-18 21:32 ` [bug#41382] [PATCH 2/6] tests: Test fixed-output derivations " Ludovic Courtès
2020-05-18 21:32 ` [bug#41382] [PATCH 3/6] guix hash, guix download: Add '--hash' Ludovic Courtès
2020-05-18 21:32 ` [bug#41382] [PATCH 4/6] guix hash, guix download: Support base64 format Ludovic Courtès
2020-05-18 21:32 ` [bug#41382] [PATCH 5/6] packages: Add 'sha512' optional field to <origin> Ludovic Courtès
2020-05-18 21:32 ` [bug#41382] [PATCH 6/6] packages: Add 'base64' macro Ludovic Courtès
2020-05-19 14:42 ` [bug#41382] [PATCH 0/6] Allow for a cryptographic hash function migration Ludovic Courtès
2020-05-19 18:00 ` Marius Bakke [this message]
2020-05-19 18:20 ` Leo Famulari
2020-05-21 20:46 ` Ludovic Courtès
2020-05-21 23:43 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87wo57reil.fsf@devup.no \
--to=mbakke@fastmail.com \
--cc=41382@debbugs.gnu.org \
--cc=guix-devel@gnu.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.