[Slackbuilds-users] Retire MD5 for SHA256
Tim Dickson
dickson.tim at googlemail.com
Fri Aug 10 13:24:55 UTC 2018
my 2cents worth...
if it aint broke...
well, the argument is that it is broke, but... using hash collisions
means either the source can be compromised, in which case it is not
reliable, or the compromise is done on the network, in which case the
network is not reliable.
If either network or source are not reliable, then the expected
checksum - whatever method used could simply be set to match the
interfered-with source code, so the attacker would not need to "crack"
the checksum, they could just make what was visible match their version
of the compromised source.
In other words, as a basic download file corruption check, md5 is simple
and convenient; any other assumptions about security depend on other
variables far more than the type of checksum used.
On 10/08/2018 08:24, B Watson wrote:
> On 8/10/18, David O'Shaughnessy <lists at osh.id.au> wrote:
>> I understand that MD5 is useful for checking for unintentionally
>> corrupted downloads, but it seems to leave open the possibility for a
>> subsequently maliciously altered archive (i.e., one that uses hash
>> collisions to produce the same MD5, but which would fail a GPG signature
>> check).
> This comes up from time to time... I personally am not opposed to it,
> theoretically it's a good idea, but it'd be a good bit of work for
> everyone (admins, maintainers, even users would be impacted).
>
> What might be feasible: have each maintainer GPG sign the source files
> and include detached signatures (.asc) in the SlackBuild directory.
> Would require a way for users to get the maintainers' public keys,
> but there are public keyservers (and we could do the 'web of trust'
> thing by signing each others' pub keys).
>
> The .info file format wouldn't have to change at all. We'd just start
> having one or more small .asc files included with the builds. Automated
> tools could check for them and verify the signatures after the download.
> If there's no signature, it would just say so, and continue the build.
>
> Doing it this way puts the burden on the individual SlackBuild maintainers
> instead of adding *yet more* work to the admins' workload, and it'd stay
> backwards compatible...
>
> Now that I think of it, this isn't at all my idea, someone on IRC was
> talking about it. Are you the same person? If so, congratulations, you
> sold me on the idea well enough that now I'm trying to sell it back to
> you :)
> _______________________________________________
> SlackBuilds-users mailing list
> SlackBuilds-users at slackbuilds.org
> https://lists.slackbuilds.org/mailman/listinfo/slackbuilds-users
> Archives - https://lists.slackbuilds.org/pipermail/slackbuilds-users/
> FAQ - https://slackbuilds.org/faq/
>
>
More information about the SlackBuilds-users
mailing list