[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

* Christoph Anton Mitterer <calestyo@scientia.net> [121011 19:39]:
> On Thu, 2012-10-11 at 11:35 -0500, Peter Samuelson wrote:
> > What makes sense is to use a hash that has the properties that are
> > needed for a particular application.
> Well... I think that's only really required if performance is very
> critical, e.g. when you're on embedded devices or so,... but the places
> I've mentioned should have probably no disadvantages by using a "strong"
> algo,... not to mention that newer algos like Keccack are quite fast.

There is a disadvantage of having longer hashsums, thus making it harder
for people to compare. The only reason that for those md5 is optimal and
not crc32 is that there is only one md5 and there is a nice always
available tool to compute it, so people can compare it more easy.

> > To use your example of dpkg file checksums, their purpose has _nothing_
> > to do with security.
> Well their _intended_ purpose,.. that's right.
> But nothing keeps people from using it a security manner (e.g. by
> replication it to a "secure" remote node or so).... and in fact... e.g.
> rkhunter already has a mode where it uses DPKG directly.

Everything doing something like that can also create those sha2 sums on
their own and use them. Using the debsums system (which has no security
part at all) will only weaken security. So I think what you say is an
argument for keeping md5sum, so that noone think they can use that
information for security.

        Bernhard R. Link

Reply to: