FR: Ability to configure tree hashing algorithm, along with SHA3 support #3047

Open
Pierre-Gronau-ndaal opened this issue Jul 13, 2023 · 6 comments

Pierre-Gronau-ndaal commented Jul 13, 2023

Please add sha-3-512 support, additionally or as a replacement for sha-256.

sha-256 is broken: https://en.wikipedia.org/wiki/Secure_Hash_Algorithms

@mhutchinson
Contributor

Hi Pierre, we can't remove support for sha256 as it's specified and used in CT, which is one of the key Trillian deployments. Also, I'm not convinced that sha256 is broken in a way that affects the security of Merkle trees?

That said, I think making the hash strategy configurable on a per-deployment or per-tree basis would be useful. The hash strategy for the tree is specified behind an interface, so much of the wiring required for this work is already done. The line of code that would need work to instantiate a different LogHasher is https://github.com/google/trillian/blob/master/server/log_rpc_server.go#L561.

@Pierre-Gronau-ndaal
Author

Maybe it will make sense to have that as a deployment option, which hash method is used? What do you think?

@mhutchinson
Contributor

mhutchinson commented Jul 17, 2023

The easiest thing to do would be to add a LogHasher to the extension registry. This is already passed into the log rpc server I linked above. If this field is present then that hasher is used, otherwise the rfc6962.DefaultHasher is used. That should be a non-breaking change.

The downside to this approach is that it forces the same log hasher to be used for all trees in a deployment. In reality, I suspect that's sufficient.

@Pierre-Gronau-ndaal do you need the ability to change the hasher for a log you want to deploy?

@AlCutter
Member

We used to have the ability to configure hashing algorithm per tree, but it looks like that functionality was removed.

@Pierre-Gronau-ndaal unless you need this urgently, we'll take this as a feature request for future work.

AlCutter changed the title from "sha-3-512" to "FR: Ability to configure tree hashing algorithm, along with SHA3 support" on Jul 25, 2023

@Pierre-Gronau-ndaal
Author

Do you see hope to do it in the next three months?

@AlCutter
Member

SHA256 is broken for length extension attacks, but not as far as I know for collision or preimage attacks.

Could you help us understand the particular attack you see Trillian being vulnerable to due to the use of SHA256 as a Merkle tree hashing function? Understanding this would help in prioritising this work accordingly.
