google / trillian

A transparent, highly scalable and cryptographically verifiable data store.


FR: Ability to configure tree hashing algorithm, along with SHA3 support

Pierre-Gronau-ndaal opened this issue

Please add SHA3-512 support, additionally or as a replacement for SHA-256.

SHA-256 is broken: https://en.wikipedia.org/wiki/Secure_Hash_Algorithms

Hi Pierre, we can't remove support for SHA-256 as it's specified and used in CT, which is one of the key Trillian deployments. Also, I'm not convinced that SHA-256 is broken in a way that affects the security of Merkle trees?

That said, I think making the hash strategy configurable on a per-deployment or per-tree basis would be useful. The hash strategy for the tree is specified behind an interface, so much of the wiring required for this work is already done. The line of code that would need work to instantiate a different LogHasher is https://github.com/google/trillian/blob/master/server/log_rpc_server.go#L561.

Maybe it would make sense to have a deployment option for which hash method is used? What do you think?

The easiest thing to do would be to add a LogHasher to the extension registry. This is already passed into the log rpc server I linked above. If this field is present then that hasher is used, otherwise the rfc6962.DefaultHasher is used. That should be a non-breaking change.

The downside to this approach is that it forces the same log hasher to be used for all trees in a deployment. In reality, I suspect that's sufficient.

@Pierre-Gronau-ndaal do you need the ability to change the hasher for a log you want to deploy?

We used to have the ability to configure hashing algorithm per tree, but it looks like that functionality was removed.

@Pierre-Gronau-ndaal unless you need this urgently, we'll take this as a feature request for future work.

Do you see hope to do it in the next three months?

SHA256 is broken for length extension attacks, but not as far as I know for collision or preimage attacks.

Could you help us understand the particular attack you see Trillian being vulnerable to due to the use of SHA256 as a Merkle tree hashing function? Understanding this would help in prioritising this work accordingly.