On Sun, Aug 04, 2013 at 03:04:33AM +0000, adrelanos wrote:
> Volker Birk:
> On Sat, Aug 03, 2013 at 10:38:34AM +0000, adrelanos wrote:
> > There will be the correct checksum, if the maintainer of the package
> > does it.
> Why? How and by whom are checksums defined?
> > And if you're taking the build machine, you can inject “correct”
> > checksums, too.
> But that will get caught when someone else builds the package and comes
> up with a different checksum? Or do you talk about hash collisions?

No, I'm talking about the process by whom and when a checksum is defined. Whoever is able to define checksums is able to circumvent each security measure based on such checksums.

To “define” does not mean she/he has to know a secret to apply the checksum. It's enough that she/he is authorized to use the communication channel where data is injected, for which then a checksum is computed.

> (Just saw, that you are discussing to move to safer hash algorithms,
> that's fine and also a separate issue.)

Now I'm surprised ;-) I think, this is not a matter of security of checksums here. Of course, only a digital signature will do, or at least a MAC. But I didn't talk about that yet, because I don't think it matters.

To make that clear: I don't think this is a matter of security of the procedure what we're discussing. It is a matter of trusting the involved people.

Yours,
VB.
--
pibit AG, Oberer Graben 4, 8400 Winterthur
mailto:vb@pibit.ch
Mobile +41 (79) 292 88 87