core
core copied to clipboard
Upgrade checksums to support SHA3-256
As the client now supports more modern checksum algorithms, we should start to plan a upgrade on the server. https://github.com/owncloud/client/pull/6634
SHA3-256 is supported by php natively starting from version 7.1.0
GitMate.io thinks possibly related issues are https://github.com/owncloud/core/issues/18864 (Support/Upgrade timeline), https://github.com/owncloud/core/issues/21899 (Unicode Support), https://github.com/owncloud/core/issues/15124 (MPO support), https://github.com/owncloud/core/issues/3524 (OAuth Support), and https://github.com/owncloud/core/issues/8269 (Gravatar support?).
@DeepDiver1975 @settermjd not sure about priority
@IljaN how much effort ? is it just a matter of adding a string or is it more involved ?
@ogoffart Did you think about a 'migration' strategy? new client vs old server, old server vs new client etc.
@PVince81 basically yes and modify checksum stream to calculate the new checksum. checksum column does not need widening:
php > echo strlen(hash('sha3-256',"foo") . hash('md5',"foo") . hash('adler32', "foo") . hash('sha1', "foo"));
144
After an server upgrade all checksums need to be cleared to allow recalculation with the new checksum algo in addition to the old once.
We should be extra cautious in regards to capabilities and fallback as this will be the first time that we will have clients concurrently using different checksum algos. The support is there but we have no real-life experience with it as of now.
@IljaN any estimate on time/duration for the concept, implementation + tests ?
@guruz The migration strategy is that first, the client understand new algorithm, and then later the server would use them. (Although the server can use serveral at the same time, this is also supported by the client)
@PVince81 ~2md
Just saw this problem in the source code..There is no actual reason to use SHA3.. it has zero advantage over sodium_crypto_generichash (which uses blake2b) will beat to embarrasment pretty much anything else on your main target platforms.. (~2.5x faster than sha3-256 on x86_64) you can link the client against libsodium or if that is not ok recent openssl versions have support for blake2b as well.