Re: md5sums files
On Wed, Mar 03, 2010 at 03:06:20AM +0100, Wouter Verhelst wrote:
> In this day and age of completely and utterly broken MD5[0], I think we
> should stop providing these files, and maybe provide something else
> instead. Like, I dunno, shasums? Or perhaps gpgsigs? But stop providing
> md5sums.
>
> Or is it useful to be able to say "if it doesn't check out, it's
> certainly corrupt, and if it does check out, it may be corrupt"? Didn't
> think so.

As a means to check for filesystem corruptions or non-malicious changes,
MD5 is good enough. So until we have something better, I guess they can
stay.

But it would be great if the whole chain, from beginning to end, was
secured, even against malicious and presumably very powerful attackers.
That would need:

* Package signatures
  Currently only the release file is signed, but if you have a package
  lying around, there is no way to check its authenticity.
* Cryptographically strong hashes for all files in the package
  and a signature on the hash file.

Then you could really check the authenticity of all files on the system.
For the hash I would skip SHA-1 and move directly to SHA-256.

Oh, and a good read about the lifetime of hash algorithms can be found here: [0]

Cheers,
harry

[0] http://valerieaurora.org/hash.html
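
The point about needing a signature on the hash file, as an added example that is not part of the original message or of any Debian tool: a SHA-256 manifest catches accidental changes, but a manifest regenerated after a change still checks out unless the manifest itself is authenticated. The function names and sample file are constructed, and a trusted digest of the manifest stands in here for real signature verification.

```python
import hashlib, hmac, tempfile
from pathlib import Path

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(root: Path) -> str:
    """One '<sha256>  <relative path>' line per file (md5sum-style layout)."""
    files = sorted(p for p in root.rglob("*") if p.is_file())
    return "".join(
        f"{sha256_hex(p.read_bytes())}  {p.relative_to(root).as_posix()}\n" for p in files)

def check_manifest(root: Path, manifest: str) -> list[str]:
    """Return the relative paths that are missing or whose hash differs."""
    bad = []
    for line in manifest.splitlines():
        digest, _, rel = line.partition("  ")
        target = root / rel
        if not target.is_file() or not hmac.compare_digest(
                sha256_hex(target.read_bytes()), digest):
            bad.append(rel)
    return bad

def manifest_is_authentic(manifest: str, trusted_digest: str) -> bool:
    """Assumption: stand-in for verifying a signature over the hash file."""
    return hmac.compare_digest(sha256_hex(manifest.encode()), trusted_digest)

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "usr/bin").mkdir(parents=True)
        tool = root / "usr/bin/tool"                  # constructed sample file
        tool.write_bytes(b"original contents\n")
        manifest = build_manifest(root)
        trusted = sha256_hex(manifest.encode())       # obtained over a trusted channel
        results = {"clean": check_manifest(root, manifest)}
        tool.write_bytes(b"changed contents\n")       # file changes, manifest untouched
        results["corrupted"] = check_manifest(root, manifest)
        forged = build_manifest(root)                 # hash file rewritten along with the file
        results["forged_hashes_ok"] = check_manifest(root, forged)
        results["forged_authentic"] = manifest_is_authentic(forged, trusted)
        results["original_authentic"] = manifest_is_authentic(manifest, trusted)
        return results

if __name__ == "__main__":
    print(demo())
```
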