On 2019-12-13 14:54:14 +0100 (+0100), Simon Richter wrote: > On Fri, Dec 13, 2019 at 10:55:34AM +0100, Thomas Koch wrote: > > nix-2.3.1.tar.xz.asc - which signs the .sha256 > > nix-2.3.1.tar.xz.sha256 - which contains the hash of the tarball > > nix-2.3.1.tar.xz > > I'd grumble about this in the general direction of upstream. The > signature is generated over a hash of the input data in any case, > so using a hash as the input data does not gain anything, you just > lose automatic verification. Not only that, but blindly composing cryptographic primitives can weaken the resulting output (for example if, in a case like this, the input hash were to be shorter than the signing system's internal hash... granted their HMAC in question is likely already using SHA2-256 as well, I haven't checked). -- Jeremy Stanley
Attachment:
signature.asc
Description: PGP signature