Re: md5sums files

On Wed, Mar 03, 2010 at 03:06:20AM +0100, Wouter Verhelst wrote:
> In this day and age of completely and utterly broken MD5[0], I think we
> should stop providing these files, and maybe provide something else
> instead.  Like, I dunno, shasums? Or perhaps gpgsigs? But stop providing
> md5sums.
> Or is it useful to be able to say "if it doesn't check out, it's
> certainly corrupt, and if it does check out, it may be corrupt"? Didn't
> think so.

As a means to check for filesystem corruptions or non-malicious changes,
MD5 is good enough. So until we have something better, I guess they can

But it would be great if the whole chain, from beginning to end, was
secured, even against a malicious and presumably very powerful attacker.
That would need:
  * Package signatures
    Currently only the release file is signed, but if you have a package
    lying around, there is no way to check its authenticity.
  * Cryptographically strong hashes for all files in the package 
    and a signature on the hash file.
    Then you could really check the authenticity of all files on the system.
    For the hash I would skip SHA-1 and move directly to SHA-256.

Oh, and a good read about the lifetime of hash algorithms can be found here: [0]


[0] http://valerieaurora.org/hash.html
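The two items above, as an added example (not code from this thread or from any Debian tool): a SHA-256 manifest over every file in a tree, a verifier that checks the manifest itself before trusting any entry, and a constructed scenario showing why the hash file needs its own signature. The file name `SHA256SUMS`, the function names, and the out-of-band "trusted digest" standing in for the signature check are assumptions of the example.

```python
import hashlib, os, tempfile
from pathlib import Path

def hash_file(path, algo="sha256"):
    """Stream-hash one file so large package members need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def write_manifest(root, out_path, algo="sha256"):
    """Write '<digest>  <relative path>' lines; return the digest a signature would cover."""
    lines = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            lines.append(f"{hash_file(full, algo)}  {os.path.relpath(full, root)}")
    data = ("\n".join(sorted(lines)) + "\n").encode()
    with open(out_path, "wb") as f:
        f.write(data)
    return hashlib.sha256(data).hexdigest()

def verify_tree(root, manifest_path, trusted_digest, algo="sha256"):
    """Check the manifest against the trusted digest (stand-in for its signature), then each file."""
    with open(manifest_path, "rb") as f:
        data = f.read()
    manifest_ok = hashlib.sha256(data).hexdigest() == trusted_digest
    files = {}
    for line in data.decode().splitlines():
        digest, rel = line.split("  ", 1)
        full = os.path.join(root, rel)
        files[rel] = os.path.isfile(full) and hash_file(full, algo) == digest
    return manifest_ok, files

def demo():
    """Constructed scenario: clean tree, then a changed file, then the hash file rewritten to match."""
    with tempfile.TemporaryDirectory() as tmp:
        root, manifest = os.path.join(tmp, "pkg"), os.path.join(tmp, "SHA256SUMS")
        os.makedirs(os.path.join(root, "usr", "bin"))
        tool = Path(root, "usr", "bin", "tool")
        tool.write_bytes(b"#!/bin/sh\necho hello\n")
        Path(root, "README").write_bytes(b"docs\n")
        trusted = write_manifest(root, manifest)
        clean = verify_tree(root, manifest, trusted)
        tool.write_bytes(b"#!/bin/sh\necho changed\n")
        modified = verify_tree(root, manifest, trusted)
        write_manifest(root, manifest)  # unsigned hash file regenerated to match the change
        return clean, modified, verify_tree(root, manifest, trusted)
```

Without the trusted digest (or a real signature) on the manifest, the last step passes every per-file check, which is exactly the gap the mail describes.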

