[Slackbuilds-users] MD5 hash sums

[David O'Shaughnessy]

On 08/23/2018 03:45 PM, T3 slider wrote:
> The download files do not necessarily have to be tar archives, and in
> some cases (generally those with multiple download files and therefore
> multiple checksums), individual files can be included for download.
> Intentional PDF collisions have been around for ages
> (see https://www.mscs.dal.ca/~selinger/md5collision/
> <https://www.mscs.dal.ca/%7Eselinger/md5collision/> ), so if a
> SlackBuild includes some documentation as a download link, and the
> upstream server has since been compromised, a user could definitely be
> stuck with a malicious file even if the SlackBuild maintainer did
> everything right and verified upstream signatures. It is probably more
> difficult to generate tarballs with collisions but I'm guessing it isn't
> quite as difficult as we're pretending it is, and it's irrelevant since
> unzipped files can be passed as download links.

I don't see how this works if each individual download (either archive
or single uncompressed file) has its own MD5. My understanding of
collisions is that one can easily create two differing files with
matching MD5 sums (so the original innocuous file A plus a malicious new
file B), but that this necessarily creates a new (shared) MD5 sum. If
the target MD5 is given beforehand (i.e., the one(s) in the info file),
then a preimage attack is required which is impractical.

> 
> Simply put, this is bad security. Anyone who disagrees doesn't
> understand the problem. Can't we just add an optional sha256sum in the
> .info file and maintainers can gradually add these checksums to their
> SlackBuilds, targeting some point in the future that these fields will
> be required (and possibly the md5s retired)?

An optional sha256sum field seems reasonable to me.

--
Dave