[Slackbuilds-users] Retire MD5 for SHA256

David O'Shaughnessy lists at osh.id.au
Wed Aug 22 02:45:51 UTC 2018


On 08/22/2018 12:46 AM, David O'Shaughnessy wrote:
> The problem then is that the MD5 cannot guarantee that a given (future)
> source archive is identical to the one that the maintainer originally
> downloaded, and that the SBo admin signed off on. Obviously though if
> the attacker has access to the upstream signing keys then it's busted
> from the start and the whole checksum thing is irrelevant anyway.

I've been doing some more reading on this and the scenario of an
attacker changing a file without the MD5 also changing is actually a 2nd
preimage attack (not a collision), and everything I've looked at says
that this is computationally infeasible using current methods. Therefore
it seems that an authentic (signed) MD5 is not broken as a file
verification method. Still, I think that switching to a stronger hash
function would be good long-term insurance.

--
Dave
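
The check under discussion, as an added example that is not part of the original message or of SlackBuilds.org's tooling: it compares each source archive with the MD5SUM recorded in a .info file and, where present, with a SHA256SUM field. SHA256SUM, the archive names and the example.invalid URLs are assumptions made for illustration; the archive bytes are constructed.

```python
import hashlib
import re

# Constructed stand-ins for two source archives (not real tarballs).
ARCHIVES = {
    "example-1.0.tar.gz": b"constructed archive bytes A",
    "example-data-1.0.tar.gz": b"constructed archive bytes B",
}

def build_info(with_sha256=True):
    """Build a constructed .info text; SHA256SUM is a hypothetical field."""
    names = list(ARCHIVES)
    join = " \\\n        ".join  # backslash-newline continuation between entries
    text = 'PRGNAM="example"\nVERSION="1.0"\n'
    text += 'DOWNLOAD="%s"\n' % join("https://example.invalid/" + n for n in names)
    text += 'MD5SUM="%s"\n' % join(hashlib.md5(ARCHIVES[n]).hexdigest() for n in names)
    if with_sha256:
        text += 'SHA256SUM="%s"\n' % join(hashlib.sha256(ARCHIVES[n]).hexdigest() for n in names)
    return text

def parse_info(text):
    """Return {FIELD: [tokens]} from shell-style NAME="..." assignments."""
    fields = {}
    for name, value in re.findall(r'^(\w+)="(.*?)"', text, re.S | re.M):
        fields[name] = value.replace("\\\n", " ").split()
    return fields

def verify(info_text, archives):
    """Map each archive basename to (md5_ok, sha256_ok).

    sha256_ok is None when the .info carries no SHA256SUM field.
    """
    f = parse_info(info_text)
    urls, md5s, shas = f.get("DOWNLOAD", []), f.get("MD5SUM", []), f.get("SHA256SUM")
    if len(md5s) != len(urls) or (shas is not None and len(shas) != len(urls)):
        raise ValueError("digest count does not match DOWNLOAD count")
    result = {}
    for i, url in enumerate(urls):
        name = url.rsplit("/", 1)[-1]  # archive is stored under the URL's basename
        data = archives[name]
        md5_ok = hashlib.md5(data).hexdigest() == md5s[i].lower()
        sha_ok = None if shas is None else hashlib.sha256(data).hexdigest() == shas[i].lower()
        result[name] = (md5_ok, sha_ok)
    return result

if __name__ == "__main__":
    info = build_info()
    print(verify(info, ARCHIVES))
    print(verify(info, dict(ARCHIVES, **{"example-1.0.tar.gz": b"modified bytes"})))
```

The result is only as trustworthy as the .info text itself, which is why the message speaks of an authentic (signed) MD5.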

