Re: [PLUG] free courses, systemd Win, hashquines

brent timothy saner via plug on 25 Sep 2022 01:29:33 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] free courses, systemd Win, hashquines

From: brent timothy saner via plug <plug@lists.phillylinux.org>
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] free courses, systemd Win, hashquines
Date: Sun, 25 Sep 2022 04:29:27 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id:from :to:cc:subject:date; bh=Ah1Hlm6+v5j4wGIIsOB2vvr5shOMAIuwZRXKAG18rL0=; b=ZzrToVLKkvMqX2OPc4Ety3yJ3gkpMCKvzWlfdD9ZlZZD3zM3N1riccsiPqnYz4ZvL9 q33o4MraPqUch6SC0ovpAAKj97kND6V7AEnDYQX5bQHmAx14pGox8SgqSc9LDcb5TOoP n6gdT9JNDk1tbV7q+oKerUqM29bDRdS6lCC2penBJzMt8r4xoQwJfox9zjuOYTtocd8p KH1TkLA49JV75AKt26btF964o9utWWboJDeE5xDHHMNzGVqiFX30NS0BMpppDksBnsTR SodrICJxlbfJKVAqkULF2s31x+O4GJeIgzeYs4oidayaIextgNsLyou7YrjGRq+cAjTZ rv9A==
Reply-to: brent timothy saner <brent.saner@gmail.com>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2

On 9/24/22 16:30, Walt Mankowski via plug wrote:

On Sat, Sep 24, 2022 at 02:30:46PM -0400, brent saner via plug wrote:

MD5 is well and truly broken. It shouldn't be trusted for anything except
transmission integrity checking, and even then there are significantly
better alternatives.


I don't trust MD5 for external files, but I still run md5sum on
directories to check for duplicate files, mainly because it's a lot
faster than sha1sum. Are there alternatives you recommend?
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

If you have *total control* over the directory/directories, that's stilla valid use case for MD5, IMHO.

But! If you have the *option*, I'd highly recommend BLAKE2[0]. (There isa BLAKE3, which is even faster, but support/implementation/availabilityis far from prevalent.)


Like MD5 (and a handful of others), it has its own RFC.[1]

There are two basic variants, BLAKE2s and BLAKE2b. You likely wantBLAKE2b, where given the choice; BLAKE2s is moreso for 32-bit machines.

It's faster* than MD5 for checksumming (what you'd usually use it foranyways these days) with the benefit of being "as strong" as the SHA-3suite for integrity. It uses ChaCha under the hood, which - to myknowledge - has no vulns (but CAN be extremely tricky to *use* withoutany vulns if the spec isn't followed exactly).


Mini-Rosetta for you:

(SH) md5sum => b2sum (part of coreutils; it's likely already installed)

(Perl) Digest::MD5 => https://metacpan.org/pod/Digest::BLAKE2 (andlikely others; I'd imagine there's a pure Perl implementation)


(Python) hashlib.md5() (unless FIPS) => hashlib.blake2b()/hashlib.blake2s()

(Golang) crypto/md5 => golang.org/x/crypto/blake2b,golang.org/x/crypto/blake2s


(Rust) md5 => blake2

HTH

* Basic benchmarks show it roughly 2.5% faster than MD5 for BLAKE2s, anda quite impressive ~33% faster than MD5 for BLAKE2b.



[0] https://www.blake2.net/
[1] https://www.rfc-editor.org/rfc/rfc7693
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] free courses, systemd Win, hashquines
  - From: JP Vossen via plug <plug@lists.phillylinux.org>

References:
- [PLUG] free courses, systemd Win, hashquines
  - From: jeffv via plug <plug@lists.phillylinux.org>
- Re: [PLUG] free courses, systemd Win, hashquines
  - From: Walt Mankowski via plug <plug@lists.phillylinux.org>
- Re: [PLUG] free courses, systemd Win, hashquines
  - From: Philip Rushik via plug <plug@lists.phillylinux.org>
- Re: [PLUG] free courses, systemd Win, hashquines
  - From: brent saner via plug <plug@lists.phillylinux.org>
- Re: [PLUG] free courses, systemd Win, hashquines
  - From: Walt Mankowski via plug <plug@lists.phillylinux.org>

Prev by Date: Re: [PLUG] free courses, systemd Win, hashquines
Next by Date: Re: [PLUG] free courses, systemd Win, hashquines
Previous by thread: Re: [PLUG] free courses, systemd Win, hashquines
Next by thread: Re: [PLUG] free courses, systemd Win, hashquines
Index(es):
- Date
- Thread