Add Blake2B hash support ? #668
Comments
|
The only argument against adding new algorithms is that keeping implementations compatible with each other is something many of us want -- and currently [sha256, sha512] is the set known to be supported by the major TUF implementations... That said, blake2b is good and is already supported by python-tuf (since python-tuf supports everything hashlib does and for better or worse leaves the compatibility issues for the user to resolve...). There is one detail in the python-tuf implementation I will point out: Checklist for better blake2b support in TUF ecosystem in general would be
|
|
@jku Agree specifically with your "common hash algorithm" point. Before opening this issue yesterday, I did look through the TUF spec and I was surprised there was no list of hash algorithms, not even
So theoretically under the present spec wording there is no guarantee of |
This is correct and in fact even the signing algorithms are just examples: no support is required IIRC. The tuf spec desperately needs a companion "implementer notes" document but the best we have at the moment is the conformance test suite |
|
We have something like this with the POUF system in Uptane
<https://uptane.org/enhancements/pouf/pouf-main>. Most TUF
implementations are in their own ecosystem, which may make interoperability
less important.
…On Wed, Jan 22, 2025 at 10:03 AM Jussi Kukkonen ***@***.***> wrote:
So theoretically under the present spec wording there is no guarantee of
sha256 or sha512 support, let alone blake2b.
This is correct and in fact even the signing algorithms are just examples:
no support is required IIRC. The tuf spec desperately needs a companion
"implementer notes" document but the best we have at the moment is the
conformance test suite
—
Reply to this email directly, view it on GitHub
<#668 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGROD4U4CMNFB27UA5EOIL2L6XN5AVCNFSM6AAAAABVS2ZP4CVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMMBXGQ4DSMBSGA>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
This was almost certainly a self fulfilling prophecy: Because tuf libraries did not (and could not) guarantee compatibility with each other, of course end users avoided using TUF for anything that would require interoperability: Doing so would have been foolish of them. |
Interestingly:
So not required, but "RECOMMENDED", which is more than can be said for the hashes which are left as an "exercise to the reader". 😆 |
Currently you have
sha256andsha512.Could you consider adding
blake2bin 256 & 512 ?Yes the blake functions are under
/x/cryptobut as Filippo Valsorda (maintainer of crypto/... and x/crypto...) says here, you should not treat them differently as they are maintained in the same manner. Its just thatxhas a faster cadence.As for why Blake2b ? The official website covers it nicely. TL;DR 64-bit friendly and works better on constrained machines, especially those with no hardware acceleration for SHA.
The text was updated successfully, but these errors were encountered: