Migrate dependency from tiny-keccak to sha3?

[leunga]

Disclaimer: new to Rust and lalrpop.

I'm trying to import the lalrpop crate at work but the tiny-keccak dependency is giving our security reviewers some pause.
Will you be willing to migrate lalrpop from tiny-keccak to the sha3 crate?

The comments given were: "... more comfortable if we were importing the sha3 crate instead. Indeed, there hasn't been a commit in almost 4 years in https://github.com/debris/tiny-keccak, and conversely the RustCrypto organization has a track record of actively maintaining its crates, and of avoiding unsafe code whenever possible (e.g. https://github.com/RustCrypto/hashes/blob/master/sha3/src/lib.rs#L8). The RustCrypto crates are actively maintained and in this particular case the sha3 crate avoids unsafe code and has an extensive test suite."

Thanks!

[dburgener]

This change is pretty trivial to make, since we don't use the hashing much. Here's a draft PR of what it would look like: #894 I tested against the calculator9 documentation example, and it didn't change the generated hash in that case, which is a good thing.

The use of the hashing is just to compare files for possible rebuild. So this isn't a security relevant use of crypto - IMO even an md5 sum would be just fine for this use case.

That said, I don't like unmaintained crates. It does seem true to me that the RustCrypto crates are more widely used and actively maintained, while tiny-keccak is not. That said, I'm having trouble finding any sort of general community guidance around appropriate crypto crates to use. The recent xz situation has me a little sensitive to "hey grab this dependency" sorts of asks.

I think I'm tentatively in support of making this change. Unmaintained crates are major problems waiting to happen. I'd love to hear some other maintainers thoughts though.

[yannham]

I'm tentatively in favor of this change. It's not like tiny-keccak is well established or from someone widely known in the community, so while I agree that it's not always easy to get a feeling of the safety of some crates or organizations by indirect means (stars, downloads, GH activity, revdeps, etc.), all the metrics seem to indicate that RustCrypto crates are well-established and better maintained. Plus the fact that the performance should be on par, as both are using the same underlying hash functions (I don't know if tiny-keccak is really SHA3 or if it's using different parameters? but they give a comparison benchmark anyway in the tiny-keccak repo). So, it just sounds like a better drop-in replacement with no obvious drawback.

[durin42]

I know sha3 is a descendant of keccak. The description of tiny-keccak says "An implementation of Keccak derived functions specified in FIPS-202, SP800-185 and KangarooTwelve" which makes me think (given the FIPS reference) it's probably the same. But it's also worth testing if the hash leaks out via some sort of storage.

[dburgener]

I did some more research today. As far as I can tell, the RustCrypto crates do just seem to have more community credibility than tiny-keccak does. It looks like we have three maintainers at least tentatively okay with the change, so I've gone ahead and published my PR. I'm good with going ahead with this change if others are.

[dburgener]

Seems like we're all on board. I went ahead and merged the change. Thanks for the suggestion, @leunga