The SHA1 replacement plan [Hash function part]
Augie Fackler
raf at durin42.com
Wed Aug 5 20:24:01 UTC 2020
On phone, sorry for top post. I'd say making new hashes require python 3 is
eminently reasonable at this point.
On Wed, Aug 5, 2020, 16:10 Joerg Sonnenberger <joerg at bec.de> wrote:
> On Wed, Aug 05, 2020 at 03:24:48PM -0400, Augie Fackler wrote:
> >
> >
> > > On Jul 28, 2020, at 16:23, Joerg Sonnenberger <joerg at bec.de> wrote:
> > >
> > > On Tue, Jul 28, 2020 at 03:49:58PM -0400, Augie Fackler wrote:
> > >>
> > >>
> > >>> On Jul 28, 2020, at 15:29, Joerg Sonnenberger <joerg at bec.de> wrote:
> > >>>
> > >>> On Tue, Jul 28, 2020 at 02:31:09PM -0400, Augie Fackler wrote:
> > >>>>> The second most widely supported hash function would be BLAKE2s.
> > >>>>
> > >>>> I've been strongly favoring blake2b for years now. Why prefer s
> over b?
> > >>>
> > >>> Performance on 32bit platforms of blake2b is ...bad. blake2s works
> > >>> reasonable well on both. It's also one of the reasons to prefer the
> > >>> successors as they don't have the same problems.
> > >>
> > >> Why do we care one iota about 32 bit CPUs? Not trolling, sincere: even
> > >> Raspberry Pi machines are now 64-bit, so I'm pretty unsympathetic to
> > >> using a much-less-vetted hash function to help out obsolete hardware.
> > >
> > > They use pretty much the same core design, just different "tuning"
> > > choices. There is little evidence that one is more secure than the
> > > other. 32bit CPUs are still quite popular, but that's a separate
> > > discussion.
> >
> > I'm open to opt-in support for blake2s, but I strongly feel the default
> > in the future should be blake2b: it's faster on 64-bit cores than 2s,
> > and honestly having a choice here will probably help us have a more
> > generalized hash-selection mechanism in hg so that when the _next_ hash
> > crisis hits we just push a button and we're done.
>
> Sure, I can live with that choice. The primary concern is and was making
> an informed decision and not just picking the first available choice.
>
> > So, how do you feel about "blake2b by default, but it's supported to
> pick 2s instead"?
>
> Good enough for me. Do we care about Python 2 support on Windows for
> this? That's likely the only target that doesn't use OpenSSL 1.1 or
> newer Python, either of them would support blake2b out of the box.
>
> Joerg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mercurial-scm.org/pipermail/mercurial-devel/attachments/20200805/756219f2/attachment-0002.html>
More information about the Mercurial-devel
mailing list