From: grarpamp
Date: Tue, 6 Dec 2022 17:36:49 -0500
Subject: Re: Add BLAKE3 hash to ISO checksums
To: freebsd-hackers@freebsd.org
Cc: freebsd-security@freebsd.org
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

> On first run, BLAKE3 runs at the same speed as SHA-512.
> On my system, the second run is 17x faster.

> for hash in b3sum sha256sum sha512sum
> Executed in 5.05 secs
> Executed in 7.46 secs
> Executed in 4.84 secs

> for hash in b3sum sha256sum sha512sum
> Executed in 280.16 millis
> Executed in 7.39 secs
> Executed in 4.84 secs

Any given hash function will take the same time for the same data.
Something in the system or test setup is likely returning any "17x"
difference or lack thereof... ie caching. Until that outlier
difference is investigated and identified, any speed differences
between hash functions wouldn't necessarily be reason to add
or drop any of them.

Use ramdisk on dedicated or non-busy testbeds, specify exact
cpu model if testing cpu features or desiring others to scale results
to their own cpu's, average results across multiple runs, don't
publish outliers unless exploring degenerate edge cases, etc.

> I recommend using https://crates.io/crates/b3sum

The actual reference implementation source code is here...
https://github.com/BLAKE3-team/BLAKE3

> Can we please add BLAKE3 hashes to
> https://www.freebsd.org/releases/13.1R/signatures ?

Two well chosen hash functions should be enough to cover
a break in one, and a third seems a bit overkill. FreeBSD
doesn't really use or embed them much and it can swap out
broken algos faster than entities in the world that may have
hardcoded them in non-modular things.

https://en.wikipedia.org/wiki/Cryptographic_hash_function
https://en.wikipedia.org/wiki/Cryptography

If choosing crypto algos, the obvious will be ones that are
recognized by crypto standards bodies, competitions, and
communities worldwide, and are in wide growing adopted use
as a result of those processes. Some of them may be listed
starting from the above links.

Then whatever alternative competitors based on reviewed
security estimates, speed, family isolation by both authorship
and algorithm approach, cross platform, multi-thread, simplicity,
programmability, arbitrage of threat model/actor/geopolitic,
Post-Quantum, etc chosen from among the different algos.

FreeBSD's current choice of sha-256 and sha-512 does fail
some of those differentiators, thus it is probably reasonable
to consider swapping one of them out.

More of the leading competitors' reference crypto implementations
could be added to FreeBSD ports and packages for people to play with.
There are also some dedicated all-in-one multi-hashing apps
that volunteers could also make ports of. Tools like 'openssl dgst'
already do include some, and there are crypto libraries for Python, etc.
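
The measurement advice in this message (same data for every function, no disk or cache in the timed path, several runs, outliers examined rather than published), as an added example that is not part of the original post. It hashes one in-memory buffer with Python's `hashlib`; the name `bench`, its parameters and the result keys are hypothetical, and a BLAKE3 constructor from a separately installed binding could be passed through `algos`.

```python
import hashlib
import os
import statistics
import time

# Standard-library constructors only; a BLAKE3 binding, if installed, can be
# supplied by the caller through `algos` (hypothetical parameter name).
DEFAULT_ALGOS = {"sha256": hashlib.sha256, "sha512": hashlib.sha512}


def bench(data, algos=None, runs=5, chunk=1 << 20):
    """Time each hash over the same in-memory buffer, `runs` timed passes each.

    Returns {name: {"digest", "median_s", "min_s", "max_s", "spread"}}.
    """
    view = memoryview(data)
    results = {}
    for name, ctor in (algos or DEFAULT_ALGOS).items():
        times, digests = [], set()
        for i in range(runs + 1):
            h = ctor()
            start = time.perf_counter()
            for off in range(0, len(view), chunk):
                h.update(view[off:off + chunk])
            elapsed = time.perf_counter() - start
            digests.add(h.hexdigest())
            if i > 0:  # pass 0 is a warm-up and is not recorded
                times.append(elapsed)
        if len(digests) != 1:
            raise RuntimeError(f"{name}: digest changed between passes")
        lo, hi = min(times), max(times)
        results[name] = {
            "digest": digests.pop(),
            "median_s": statistics.median(times),
            "min_s": lo,
            "max_s": hi,
            # A large max/min ratio means the setup, not the hash, is varying.
            "spread": hi / lo if lo > 0 else float("inf"),
        }
    return results


if __name__ == "__main__":
    sample = os.urandom(64 * 1024 * 1024)  # constructed input, held in RAM
    for name, r in bench(sample).items():
        mib_s = len(sample) / r["median_s"] / 2**20
        print(f"{name:8s} median {r['median_s']:.3f}s  {mib_s:8.1f} MiB/s  "
              f"spread x{r['spread']:.2f}")
```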