On 24/02/17 08:59, Giancarlo Razzolini wrote:
On February 23, 2017 19:22 Allan McRae wrote:
On 24/02/17 07:58, Eli Schwartz wrote:
Good luck convincing Allan (you'll *need* it...).
Not going to happen...
Allan,
I want to pitch you another line of thought. I followed that discussion last year, and I've been following closely the fallout of today's Google announcement on the "practical" SHA-1 attack.
Anyone who actually read the paper, and got past the sensationalism and the hype of those vulnerability sites (why does everything need a site now?), knows that it doesn't change much for our usage of SHA-1, or MD5 for that matter.
You argued in last year's discussion that using stronger hashes would give a "false sense of security". I don't disagree with that. But I want to add that using weaker ones (if only in keyspace or cryptographically) also creates a false sense of *insecurity*.
And these people who have this false sense of insecurity will be the same people who will have the false sense of security, regardless of what we do. They don't use GPG, nor ever will. They don't care if upstream signs things. All they see is: MD5, and now SHA-1, are "broken" and Arch should stop using them.
With that in mind, using stronger algorithms would be very easy for us (that patch is trivial), wouldn't have any drawbacks (just that stupid people would feel "safer"), and would make those same people stop complaining that we don't use strong hashes.
I don't see the issue of upstream never signing things changing in the near future. So we should either do a bigger change, perhaps even that CRC proposal of yours, or do this smaller change and use stronger hashes by default.
I find that a terrible argument. A