On Wed, Mar 03, 2010 at 03:06:20AM +0100, Wouter Verhelst wrote:
> In this day and age of completely and utterly broken MD5[0], I think we
> should stop providing these files, and maybe provide something else
> instead. Like, I dunno, shasums? Or perhaps gpgsigs? But stop providing
> md5sums.
>
> Or is it useful to be able to say "if it doesn't check out, it's
> certainly corrupt, and if it does check out, it may be corrupt"? Didn't
> think so.

As a means to check for filesystem corruptions or non-malicious changes,
MD5 is good enough. So until we have something better, I guess they can
stay.

But it would be great if the whole chain, from beginning to end, was
secured, even against malicious and presumably very powerful
attackers. That would need:

* Package signatures
  Currently only the release file is signed, but if you have a package
  lying around, there is no way to check its authenticity.

* Cryptographically strong hashes for all files in the package and a
  signature on the hash file. Then you could really check the
  authenticity of all files on the system.

For the hash I would skip SHA-1 and move directly to SHA-256.

Oh, and a good read about the lifetime of hash algorithms can be found
here: [0]

Cheers,
harry

[0] http://valerieaurora.org/hash.html
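
The per-file hash list proposed in the message above, as an added example that is not part of the original post or of Debian's tooling: it records SHA-256 digests for a tree and reports modified, missing and unlisted files. The function names and the sample tree are constructed for illustration, and signing and verifying the manifest itself (for example with a detached GnuPG signature) is assumed to happen outside this code.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Stream the file through SHA-256 so large files are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def list_files(root):
    """Yield (relative path with '/' separators, full path) for every file."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root).replace(os.sep, "/"), full

def build_manifest(root):
    """One '<hex digest>  <path>' line per file, the layout sha256sum prints."""
    return "".join(f"{sha256_file(p)}  {rel}\n" for rel, p in sorted(list_files(root)))

def verify_manifest(root, manifest):
    """Classify differences; trust the manifest only after its signature checks out."""
    expected = {p: d for d, p in (l.split("  ", 1) for l in manifest.splitlines())}
    present = dict(list_files(root))
    report = {"modified": [], "missing": [], "unlisted": []}
    for rel, digest in sorted(expected.items()):
        if rel not in present:
            report["missing"].append(rel)
        elif sha256_file(present[rel]) != digest:
            report["modified"].append(rel)
    report["unlisted"] = sorted(set(present) - set(expected))
    return report

def demo():
    """Constructed sample tree: record it, tamper with it, verify again."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr", "bin"))
        for rel, data in (("usr/bin/tool", b"v1\n"), ("usr/README", b"docs\n")):
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        manifest = build_manifest(root)
        clean = verify_manifest(root, manifest)
        with open(os.path.join(root, "usr/bin/tool"), "wb") as f:
            f.write(b"v2\n")                                     # changed content
        os.remove(os.path.join(root, "usr/README"))              # deleted file
        open(os.path.join(root, "usr/bin/extra"), "wb").close()  # new, unlisted file
        return clean, verify_manifest(root, manifest)
```

The "unlisted" category is what a plain `sha256sum -c` run does not report: files present on disk that the signed list never mentioned.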