core icon indicating copy to clipboard operation
core copied to clipboard

Published 20 hours ago verified publisher icon owncloud

Upgrade checksums to support SHA3-256

Open IljaN opened this issue 5 years ago • 9 comments

As the client now supports more modern checksum algorithms, we should start to plan a upgrade on the server. https://github.com/owncloud/client/pull/6634

SHA3-256 is supported by php natively starting from version 7.1.0

IljaN avatar Jul 17 '18 08:07 IljaN

GitMate.io thinks possibly related issues are https://github.com/owncloud/core/issues/18864 (Support/Upgrade timeline), https://github.com/owncloud/core/issues/21899 (Unicode Support), https://github.com/owncloud/core/issues/15124 (MPO support), https://github.com/owncloud/core/issues/3524 (OAuth Support), and https://github.com/owncloud/core/issues/8269 (Gravatar support?).

ownclouders avatar Jul 17 '18 09:07 ownclouders

@DeepDiver1975 @settermjd not sure about priority

PVince81 avatar Jul 17 '18 09:07 PVince81

@IljaN how much effort ? is it just a matter of adding a string or is it more involved ?

PVince81 avatar Jul 17 '18 09:07 PVince81

@ogoffart Did you think about a 'migration' strategy? new client vs old server, old server vs new client etc.

guruz avatar Jul 17 '18 16:07 guruz

@PVince81 basically yes and modify checksum stream to calculate the new checksum. checksum column does not need widening:

php > echo strlen(hash('sha3-256',"foo") . hash('md5',"foo") . hash('adler32', "foo") . hash('sha1', "foo"));
144

After an server upgrade all checksums need to be cleared to allow recalculation with the new checksum algo in addition to the old once.

We should be extra cautious in regards to capabilities and fallback as this will be the first time that we will have clients concurrently using different checksum algos. The support is there but we have no real-life experience with it as of now.

IljaN avatar Jul 17 '18 16:07 IljaN

@IljaN any estimate on time/duration for the concept, implementation + tests ?

PVince81 avatar Jul 18 '18 06:07 PVince81

@guruz The migration strategy is that first, the client understand new algorithm, and then later the server would use them. (Although the server can use serveral at the same time, this is also supported by the client)

ogoffart avatar Jul 18 '18 08:07 ogoffart

@PVince81 ~2md

IljaN avatar Jul 18 '18 08:07 IljaN

Just saw this problem in the source code..There is no actual reason to use SHA3.. it has zero advantage over sodium_crypto_generichash (which uses blake2b) will beat to embarrasment pretty much anything else on your main target platforms.. (~2.5x faster than sha3-256 on x86_64) you can link the client against libsodium or if that is not ok recent openssl versions have support for blake2b as well.

crrodriguez avatar Apr 21 '22 21:04 crrodriguez