#saltr (irc2p) | I2P+ 2.10.0-14+ >> i2pplus.github.io | skank.i2p | git.skank.i2p | purokishi.i2p | vituperative.github.io/i2pchat | notbob.i2p | ramble.i2p | drop.i2p | shinobi.i2p | wall.i2p | /msg an op for voice

#saltr

/2025/04/11

Online: 52

~dr|z3d

@RN

@RN_

@StormyCloud

@T3s|4

@not_bob_afk

@orignal

@postman

@zzz

%Liorar

%acetone

+FreefallHeavens

+Onn4l7h

+Over

+Sh0ck

+bak83_

+bpb

+leopold_

+uop23ip

+xHarr

Arch

BubbRubb

Danny

DeltaOreo

H20

Irc2PGuest16752

Irc2PGuest33667

Irc2PGuest97218

Maylay

Meow

ac9f_

anontor

b4dab00m

duck

gellegery

halloy13412

john231

makoto

nZDoYBkF_

nilbog-

ntty`

poriori_

profetik1

r00tobo[2]

r00tobo_BNC

shiver_

simprelay

solidx66

thetia

u5657

vivid_reader56

zer0bitz_

zzz I now have 6 of my 7 MRs merged, after that will turn to littler stuff like this

dr|z3d testing, testing, are you receiving, snex, over...?

snex yes i receive

dr|z3d excellent.

snex the lyrics i posted when it happened both times were a famous song by The Animals

snex its definitely those lyrics

snex postman: please check your shadowban rules for that

fox it lives

fox oof 31 names

snex ?

fox *** passes the rig to RN ***

fox *** wanders off to find psi and his cat ***

snex fox i will bet you 100 internet points that you cant sing the first verse to "house of the rising sun" by the animals

fox THERE ONCE, WAS A MAN, FROM NEW ORLEANS

fox so did putin push all the russians out windows or are they still here?

fox *** need to add slow's index if it still exists ***

dr|z3d *** winks at snex ***

fox dr|z3d: has i2p had any audits recently? also any talk of switching to pqc?

zzz changelog MR is up, so eyedeekay doesn't run out of things to do

eyedeekay Me? Running out of things to do? never.

dr|z3d yes, fox

dr|z3d zzz and orignal are working on post-quantum.

zzz Blinded message

dr|z3d and a partridge in a pear tree ...

dr|z3d :)

eyedeekay Acked changelog MR, likely to same for the logs page MR

zzz ok those are small beans though, the last one I need soon is the BW params

eyedeekay Yup will respond by the end of the day, that and the HTTP Server threading one required the most serious thinking

fox kyber?

fox or maybe they picked something more original

fox *** will see himself out ***

dr|z3d i2p-projekt.i2p/spec/proposals/169-pq-crypto

fox so almost kyber

fox lots of metions of sha256 lol atleast it's not md5

orignal md5?

orignal what are you talking about?

zzz well, that's another question. We could move to blake or sha3, but if sha256 is broken all of i2p is broken

orignal never heard that sha256 is broken

zzz if we do want to switch, now is the time

orignal we should switch to one suppoerted by sha-ni

zzz MLKEM requires SHA3-256 and -512 already, so I'd prefer one of those over blake

zzz might take a while to make a decision on things like this

orignal it's inside it

orignal you don't have to call it explicitly

orignal yes sha3 then

zzz so I'd prefer you didn't include MLKEM in your next release, or at least hide it behind some sort of test config

orignal no I'm not going to

orignal people can play with type 5 but it's not offcial

zzz so sha-ni does sha3?

orignal not sure

zzz to be clear, what I think fox is talking about is the hash function for noise mixHash(). If we change it, it would change the Noise initializer strings

orignal it's hmac if I remeber

zzz right, the hash function for the hmac

orignal yes it's sha256

orignal not problem for me to implement new MixHash

zzz with a noise lib, you specify what hash function when you set it up, so it's pretty easy to change

orignal for me any hash is fine as long as it's in openssl

zzz yup. Just have to do research and then decide

zzz sounds like fox probably has an opinion

fox imho switch it all now with the pqc upgrade

fox sha256 doesn't have any major flaw im aware of but in these times of orwellian governments willing to dump billions into AI and presumably quantum computers something like sha3 would have a better safety margin

zzz safety margin reference?

orignal quantum computers have nohing to do with hashes

fox grover's algorithm

zzz funny thing, your friend psi used to bug us a lot about switching hash algos

orignal you mean Jeff?

fox i haven't been able to get ahold of jeff in years

orignal are you that fox from Toronto?

fox think he got a corp job and turned republican somehow

fox lol no but im somewhat familiar with ca

zzz he's still alive and kicking on github

orignal zzz, could you refresh my memory who is this guy?

zzz dunno

fox yeah i saw github and iirc yggdrasil in i2pd is his baby

orignal but you know he is in touch with psi

orignal what?

fox *** is an inigma ***

orignal how is he related to ygg in i2pd?

orignal this was acetone's idea

fox *** throws an ignious rock at RN ***

zzz "* fox wanders off to find psi and his cat"

orignal lol

fox i could totally be wrong. i remember psi had some project with a norse name

fox zzz: yeah never found him or his cat. i could email him but bleh

zzz lokinet

orignal lohinet ))

fox oh yah that's it

fox come to think of it we used to have a double phd student here trying to make some kind of overlay network in elixir

orignal for those who doesn't know what lohi mean

orignal lohi - лохи

orignal like loosers/victims

fox *** has returned in expectation of a migration as the great firewall of... probably palantir or oracle goes up ***

orignal knijka.i2p is all about them))

fox that wall of russian is long enough to encircle berlin

orignal and not pnly berlin

fox suppose i'll take it psi was killed and replaced by the thing. rip

orignal no. he has grown up ))

fox not sure up is the right adjective

zzz so you have a link to a reference supporting your safety margin claim?

fox grover's algorithm wikipedia page

zzz ok

fox tldr cut bit strength in half. doens't break 256 that i remember

fox last time i talked to a math major about it my takeaway was quantum computers put some hash algorithms in range of other attacks in theory

zzz that wiki page doesn't explicitly compare SHA3 and SHA2 in any measurable way

dr|z3d kerkour.com/fast-secure-hash-function-sha256-sha512-sha3-blake3

dr|z3d see also: cryptobook.nakov.com/quantum-safe-cryptography

dr|z3d tldr:

dr|z3d > SHA-2 has proved to be secure over time (minus length extension attacks), and many think that it won't be broken in our lifetime. Thus SHA-3 isn't more secure than SHA-2 in the real world. It also doesn't help that the SHA-3 standards defined more than a dozen different functions and that everybody is confused about what to use and when.

dr|z3d > Thus, there are virtually no reasons for developers to use SHA-3 instead of SHA-2 other than for key derivation where its poor performance doesn't matter, but it's "stronger" security does.

dr|z3d > SHA-512 is slower than SHA-256 on both x86_64 and arm64 architecture, but with hardware acceleration, which is becoming ubiquitous, the gap is very small, and, as we've seen earlier, it's certainly "fast enough" for most use cases, as your bottleneck will be I/O. Furthermore, the BHT attack, hypothetically reducing the security of 256 bit hashes from 2128 to 285 may scare more than one checkbox ticker auditor

dr|z3d in 2030, and you will have to justify using the (theoretically) "weaker" 256 bit version instead of the 512 bit version.

dr|z3d > So, by eliminating all the other functions I think we have our winner: go for SHA-512.

mareki2p In SHA-2 family of functions the SHA-256 suffers from length extension attack. SHA-512/256 does not suffer from this (and is faster on 64bit computers).

mareki2p SHA-512 is "basically" extactly the same as SHA-256 except: It uses 64bit operations instead of 32bit operations, has 2x the size of input block, and 2x the size of output block, has 80 rounds instead of 64 rounds. So yes, SHA-512 is faster than SHA-256 on 64bit hardware.

mareki2p Hardware acceleration changes that, as SHA-512 comes only with Zen5 and Lunar Lake and Arrow Lake.

fox sha512 also seems like a perfectly reasonable choice if you prefer time tested

fox any of you know how to set tunnel hops and ammount i2pd? im only seeing refrence to i2cp and options for exploratory in conf

zzz that first link is a good one, thx drz

zzz it would seem to point us to SHA-512

mareki2p And BLAKE3 could be parallelized, each 1kB of data could be hashed independently resulting in multiple digests which are later combined.

zzz 99.9% of our hashing use cases, including ratchet, are over small data sizes

fox does i2p still have many routers on 32 bit?

dr|z3d *thumbs up* zzz

dr|z3d you might as well ask the percentage of i2p routers running in computer cases colored beige, fox.

dr|z3d we have no way of knowing.

fox i had thought that was a tracked metric somehow

fox *** visits stats.i2p ***