From: Alba Pompeo
Date: Thu, 8 Mar 2018 18:49:34 -0300
Subject: Re: [alpine-devel] Upgrading package signatures from SHA1 to SHA2 digest.
To: Timo Teras
Cc: Ferris Ellis, "alpine-devel@lists.alpinelinux.org"

I suggest BLAKE2b.

https://monocypher.org/manual/crypto_blake2b.html#DESCRIPTION

Faster than MD5, as secure as SHA3.

On Thursday, March 8, 2018, Timo Teras wrote:

> Hi
>
> On Wed, 7 Mar 2018 18:28:49 -0500
> Ferris Ellis wrote:
>
>> I was looking into using a crypto-service to do Alpine package build
>> signatures (as opposed to using a key on disk) and in doing so
>> stumbled across the fact that Alpine package signatures currently use
>> SHA1 digests. After a quick search on https://lists.alpinelinux.org I
>> didn’t see any prior discussions related to this fact and thus am
>> posting this to the mailing list.
>>
>> I wanted to start a dialog about the possibility of moving to using
>> SHA2 digests (I would presume SHA256 would be the preferred option)
>> for signatures as SHA1 is deemed insecure by many and is being phased
>> out for most usage of PKI. This includes my use case, where the
>> crypto-service I have deliberately no longer offers signatures with
>> SHA1 digests and instead offers standard SHA2 digests.
>>
>> If the community is interested I’m happy to submit a more formal RFC
>> on this. But, as I’m relatively new to the mailing list, I figured it
>> was best to start with just a dialog!
>
> I have been working to update .apk and index formats to binary. I was
> hoping to do the hash algorithm change there. While I do have the
> design ready, and some code too, it's taking a bit more than expected.
>
> I am willing to accept backwards compatible patches at this point even
> for the current formats. The signatures could be pretty easily updated.
> Just add a new prefix type to identify the signatures as rsa-sha256 or
> similar.
>
> However, sign only the control.tar.gz part of apk. That in turn
> contains hash for the control.tar.gz part containing the package
> metadata. Changing this 'identity hash' from sha1 to sha256 would be
> more intrusive. Same applies to the individual file checksums kept in
> the file database for audit purposes. However, control.tar.gz does have
> stronger hash (sha256) for data.tar.gz which contains the actual file
> data content.
>
> Timo
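
The layout described in the quoted message (a signature over the control segment, which in turn carries a sha256 of the data segment, with the signature's name prefix selecting the digest), as an added example that is not code from apk-tools or from anyone in this thread. It is a simplified model: the segments are plain gzip streams rather than tarballs, the RSA step is omitted, and the `.SIGN.RSA.` / `.SIGN.RSA256.` prefixes, the `datahash` field name and all function names are assumptions of the example.

```python
import gzip
import hashlib
import zlib

# Signature-name prefix -> digest computed over the control segment.
# Both prefixes are assumptions of this sketch; ".SIGN.RSA256." stands in
# for the "rsa-sha256 or similar" prefix proposed in the thread.
DIGEST_BY_PREFIX = {".SIGN.RSA256.": "sha256", ".SIGN.RSA.": "sha1"}

def split_gzip_members(blob):
    """Split concatenated gzip streams into their compressed segments."""
    members = []
    while blob:
        d = zlib.decompressobj(wbits=31)  # 31 = gzip header and trailer
        d.decompress(blob)
        if not d.eof:
            raise ValueError("truncated gzip member")
        used = len(blob) - len(d.unused_data)
        members.append(blob[:used])
        blob = blob[used:]
    return members

def digest_for_signature(sig_name):
    for prefix, algo in DIGEST_BY_PREFIX.items():
        if sig_name.startswith(prefix):
            return algo
    raise ValueError(f"unknown signature type: {sig_name}")

def check_package(blob, allowed=("sha256",)):
    """Return (algo, digest the RSA check would cover); RSA step omitted."""
    sig_seg, control_seg, data_seg = split_gzip_members(blob)
    sig_name = gzip.decompress(sig_seg).split(b"\n", 1)[0].decode()
    algo = digest_for_signature(sig_name)
    if algo not in allowed:
        raise ValueError(f"{algo} signatures are not accepted by policy")
    signed_digest = hashlib.new(algo, control_seg).hexdigest()
    # The signed control metadata pins the data segment with sha256.
    lines = gzip.decompress(control_seg).decode().splitlines()
    meta = dict(line.split(" = ", 1) for line in lines)
    if hashlib.sha256(data_seg).hexdigest() != meta["datahash"]:
        raise ValueError("data segment does not match signed datahash")
    return algo, signed_digest

def build_sample(sig_name, payload=b"constructed file contents"):
    """Constructed three-segment sample: (signature, control, data)."""
    data_seg = gzip.compress(payload)
    control = f"pkgname = demo\ndatahash = {hashlib.sha256(data_seg).hexdigest()}\n"
    sig_seg = gzip.compress(sig_name.encode() + b"\n<constructed signature>")
    return sig_seg, gzip.compress(control.encode()), data_seg
```

Because only the control segment is signed, the data segment is trusted solely through the sha256 recorded in it, which is why that hash is checked in the same pass as the signature digest.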