From: "Gábor Boskovits" <gboskovits@gmail.com>
To: Tobias Geerinckx-Rice <me@tobias.gr>
Cc: Guix Devel <guix-devel@gnu.org>,
Efraim Flashner <efraim@flashner.co.il>,
Vagrant Cascadian <vagrant@reproducible-builds.org>,
Julien Lepiller <julien@lepiller.eu>,
Felix Lechner <felix.lechner@gmail.com>
Subject: Re: maradns reproducibility fixes and the merits of picking a random number
Date: Tue, 28 Jun 2022 18:18:21 +0200
Message-ID: <CAAqdTgMcTAAOpBofnQ-fshv+PSkz3u1T2y2Jt-t9t7RX985xfA@mail.gmail.com>
In-Reply-To: <4BD0EAF3-DFA2-47B0-AFA0-AEAA2393F2A5@tobias.gr>
Hi,
Tobias Geerinckx-Rice <me@tobias.gr> wrote (on Tue, 28 Jun 2022, 18:07):
> Hi,
>
> Vagrant said:
> > It is expensive to generate the random prime on some hardware, so doing
> > so at runtime might not be feasible in some cases...
>
> But in the same reply you're paraphrasing, upstream also says:
>
> > In 2010, I updated that homegrown hash compression
> > algorithm to also add a random number when compressing
> > the input, and calculating another 32-bit random number
> > when Deadwood starts.
> ^^^^^^^^^^^^^^^^^^^^^^^
>
> and
>
> > I believe the hash compression algorithm is protected from hash
> > bucket collision attacks, even if Deadwood is patched to make
> > MUL_CONSTANT a constant number, since the add constant
> > remains random.
>
> so their 'too computationally expensive' does not make sense to me. Do
> they bail out if generating the truly random part 'takes too long'? Surely
> not.
>
> Neither does the 'ah, but your urandom might be broken' argument for
> silently substituting a still less random number.
>
> I don't think this alone justifies the scheme, or disabling substitutes.
>
I tend to agree.
Afaics this can be solved in a workaround way. I don't think this random
number is picked up by the build in any way. Upstream could just provide it
as an optional config value. That would be better in every respect. Then
they could just give a build flag to move to the new model. Do you think
such a proposal would be accepted upstream?
>
> Kind regards,
>
> T G-R
>
> Sent on the go. Excuse or enjoy my brevity.
>
>