
Re: Bug#540215: Introduce dh_checksums

On Wed, Mar 10, 2010 at 11:13:31AM -0600, Peter Samuelson wrote:
> [Wouter Verhelst]
> > At any rate, a PGP signature takes a lot of data; much more so than
> > a checksum.  It's therefore more economical to produce a signed
> > package.checksums file than it is to produce a package.pgpsigs.
> Huh?  Since asymmetric cryptography is so computationally expensive,
> PGP never signs the payload directly.

I am aware of that.

> Instead, the payload is hashed
> and then the hash is signed.  So it is not (noticeably) more economical
> to sign foo.md5sums than to sign the whole data.tar.gz.

I was not suggesting to sign the data.tar.gz, because that is not useful
anymore once the package is installed (you do not have the data.tar.gz
anymore to verify). Instead, I was suggesting to sign individual files,
which would require several signatures per package (one per file).

Just check the length of any PGP signature, and compare it against the
length of a random checksum. You'll agree that a signed file with
checksums takes less data than a file with several signatures.

> Or is this not what you meant?  I'm confused.

Hope that explains,

> If you have a .deb on a different host and don't want to transfer the
> entire thing over the network, well, no reason you can't do your
> SHA16384 on both ends, and transfer only the hashes at that time.


The biometric identification system at the gates of the CIA headquarters
works because there's a guard with a large gun making sure no one is
trying to fool the system.
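As an added example (not code from this thread or from dh_checksums), here is the manifest Wouter has in mind: one `sha256sum`-style checksums file, which a single detached signature would cover, plus a verifier that re-hashes the installed files without needing data.tar.gz. The file names and contents in `demo()` are constructed for the illustration.

```python
import hashlib
import os
import tempfile

# Constructed example, not code from the Debian thread or from dh_checksums. Manifest
# format assumed: sha256sum / package.md5sums style, "<hex digest>  <relative path>".

def build_manifest(root, algo="sha256"):
    """Hash every regular file under `root` into one manifest string; this
    single file is what one detached PGP signature would cover."""
    lines = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.new(algo, fh.read()).hexdigest()
            lines.append(f"{digest}  {os.path.relpath(path, root)}")
    return "\n".join(sorted(lines)) + "\n"

def verify_manifest(root, manifest, algo="sha256"):
    """Re-hash installed files against an (already signature-checked) manifest;
    returns {"ok": [...], "mismatch": [...], "missing": [...]}, no data.tar.gz needed."""
    result = {"ok": [], "mismatch": [], "missing": []}
    for line in filter(str.strip, manifest.splitlines()):
        expected, rel = line.split("  ", 1)
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            result["missing"].append(rel)
            continue
        with open(path, "rb") as fh:
            actual = hashlib.new(algo, fh.read()).hexdigest()
        result["ok" if actual == expected else "mismatch"].append(rel)
    return result

def demo():
    """Three constructed files; one is modified and one deleted after the manifest is built."""
    files = {"usr/bin/foo": b"#!/bin/sh\necho foo\n",
             "etc/foo.conf": b"verbose = 1\n",
             "usr/share/doc/foo/README": b"foo: example package\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        manifest = build_manifest(root)
        with open(os.path.join(root, "usr/bin/foo"), "ab") as fh:
            fh.write(b"echo tampered\n")
        os.remove(os.path.join(root, "etc/foo.conf"))
        return verify_manifest(root, manifest)
```

Each manifest line is 64 hex characters plus the path, whereas a detached PGP signature per file would be several hundred bytes each, which is the size argument made above.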
