[MacPorts] #63885: Replace rmd160 use in MacPorts with something else
MacPorts
noreply at macports.org
Wed Nov 10 20:19:50 UTC 2021
#63885: Replace rmd160 use in MacPorts with something else
-------------------------+--------------------
Reporter: ryandesign | Owner: (none)
Type: defect | Status: new
Priority: Normal | Milestone:
Component: base | Version:
Resolution: | Keywords:
Port: |
-------------------------+--------------------
Comment (by pmetzger):
So I'm not sure there's a security reason to use two algorithms at once;
SHA256 is enough for our purposes. We could just deprecate using two
checksums at once.
Alternatively, if we decide we really need to use two, I'd recommend using
SHA-3 which is Keccak based and uses a quite different construction than
SHA-2, and is a national standard. Using a different construction makes it
less likely that both SHA-2 and SHA-3 would have security issues at once.
If tastes run against SHA-3, I'd suggest BLAKE2 or BLAKE3, which are based
on very heavily studied primitives.
In no case should a hash as short as 128 bits be used; birthday attacks on
such hashes are feasible.
However, again, my own recommendation would be to just drop RMD160 and not
replace it with anything.
--
Ticket URL: <https://trac.macports.org/ticket/63885#comment:5>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list