[Slackbuilds-users] MD5 hash sums

David O'Shaughnessy lists at osh.id.au
Thu Aug 23 03:15:14 UTC 2018


On 08/23/2018 12:55 AM, thyr at airmail.cc wrote:
> Sorry, the question I had in mind was about MD5 sums inside it. Seems
> kind of strange that SlackBuild archive is protected by GPG signature,
> but the actual source tarball is not signed and is protected by
> (obsolete) MD5 checksum. Isn't this situation an opportunity to MITM
> the source tarball itself, since some DOWNLOAD links are provided through
> plain HTTP?

Let's say the user has a SlackBuild + .info file, both of which have
been signed by the SBo dev team and are authentic (thus including the
MD5). The assumption here is that the maintainer actually checks
signatures upon downloading (and that upstream devs even sign in the
first place), so the stuff in the .info is "safe".

Now the user goes to download the source listed in .info, and unbeknown
to them it has been maliciously tampered with (either on the server or
MITM, so either TLS or not, it doesn't matter). The MD5 of that altered
archive will not match the authentic MD5 found in the .info file. For an
attacker to change the upstream source archive without changing the MD5
requires a 2nd preimage attack, which as far as I understand is not
computationally feasible at present. This is different to a much simpler
collision attack, where the attacker generates two _new_ archives with
new (and matching) MD5s.

So, as long as SlackBuild maintainers are actually verifying the
signatures on source archives and not blindly trusting checksums (of any
variety) published on upstream websites, then using MD5 in this way
seems OK. That said, I do think that it would be safer practice to just
use a stronger hash function anyway (https://blake2.net/ ?), as things
can change suddenly (who knows what's around the corner).

--
Dave
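
The check described in the message above, as an added example that is not part of the original post or SBo's own tooling: it parses the DOWNLOAD and MD5SUM fields of a .info file, compares a downloaded archive against the signed MD5, and also computes a BLAKE2b digest. The .info content, archive bytes and example.org URLs are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample data (not a real SlackBuild or upstream archive).
AUTHENTIC = b"constructed stand-in for an upstream source tarball\n"
TAMPERED = AUTHENTIC + b"bytes altered on the server or in transit\n"
SAMPLE_INFO = '''PRGNAM="example"
DOWNLOAD="http://downloads.example.org/example-1.0.tar.gz \\
          https://downloads.example.org/example-data-1.0.tar.gz"
MD5SUM="{md5} \\
        00000000000000000000000000000000"
'''.format(md5=hashlib.md5(AUTHENTIC).hexdigest())


def parse_info(text):
    """Parse KEY="value" lines; values may continue with backslash-newline."""
    fields = {}
    for key, value in re.findall(r'^(\w+)="([^"]*)"', text, re.MULTILINE):
        fields[key] = value.replace("\\\n", " ").split()
    return fields


def expected_sources(fields):
    """Pair each DOWNLOAD URL with its MD5SUM entry by position."""
    urls, sums = fields.get("DOWNLOAD", []), fields.get("MD5SUM", [])
    if len(urls) != len(sums):
        raise ValueError("DOWNLOAD and MD5SUM entry counts differ")
    return list(zip(urls, sums))


def check_source(data, expected_md5):
    """Compare the archive's MD5 with the value from the signed .info."""
    actual = hashlib.md5(data).hexdigest()
    return {
        "md5_ok": hmac.compare_digest(actual, expected_md5.lower()),
        # Stronger digest that could be recorded alongside the MD5.
        "blake2b": hashlib.blake2b(data).hexdigest(),
    }


if __name__ == "__main__":
    for url, md5 in expected_sources(parse_info(SAMPLE_INFO)):
        print(url, "(plain HTTP)" if url.startswith("http://") else "")
    md5 = expected_sources(parse_info(SAMPLE_INFO))[0][1]
    print("authentic:", check_source(AUTHENTIC, md5)["md5_ok"])
    print("tampered: ", check_source(TAMPERED, md5)["md5_ok"])
```

The result is only as trustworthy as the .info file itself, so the GPG signature on the SlackBuild archive has to be verified before its MD5SUM value is used.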

