On Tue, Jan 29, 2008 at 09:57:55AM +0000, Matt Zimmerman wrote:
> There are two reasons for checking the hashes:
>
> Authentication - the downloaded image is in fact the official one provided
> by the Ubuntu project, unaltered
>
> Integrity - the downloaded image hasn't been randomly corrupted in transit
>
> (it happens that verifying authenticity ensures integrity as a side effect)
>
> Authentication, I believe, would be better served by signing the image
> directly. This both avoids an attack on the intervening checksums in
> MD5SUMS and provides a cryptographically stronger check. I believe the .gpg
> format already supports multiple signatures with different algorithms, so
> this would be reasonably future-proof.
Signing a message generally actually amounts to taking some hash of it and
signing that; you don't run expensive algorithms like RSA over the whole
message. Since the MD5 hashes are useful to expose anyway, I don't see any
cryptographic benefit in making GPG do this computation again (aside from the
possibility that it would use a different hash, but then we could usefully
expose the result of that hash too). See e.g.
http://en.wikipedia.org/wiki/Digital_signature for a short discussion of why
signatures are in fact implemented by signing a hash rather than the whole
message.

As Neal noted, MD5 hasn't yet had second-preimage attacks, so I am not
concerned about practical attacks at this time.

Publishing SHA256 hashes would be fairly reasonable; the only reason we have
not yet done this is that the checksumming process is already the slowest
part of the CD release process by some distance due to some inefficiencies in
that process (i.e. the images are checksummed again rather than copying the
existing checksums from the daily build), and I feel we should fix that first,
otherwise it makes release day even more painful.

Cheers,

-- 
Colin Watson                                       [EMAIL PROTECTED]

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
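The two properties Matt distinguishes above (integrity from the hashes, authentication only from a signature over whatever carries those hashes) can be made concrete with a small verifier for the coreutils-style MD5SUMS/SHA256SUMS format that Ubuntu publishes. The code below is an added example and is not part of this thread or of Ubuntu's release tooling; the image contents and the tampered scenario are constructed in memory so that it runs offline, and the file names are placeholders. It shows a checksum mismatch catching a corrupted download, and then shows why an unsigned MD5SUMS cannot provide authentication: an attacker who can replace the image can regenerate MD5SUMS to match, and the check passes. That is exactly what signing MD5SUMS (as in `gpg --verify MD5SUMS.gpg MD5SUMS`) closes, and why, as Colin says, a signature over the checksum file is already a signature over the hashes of the images.

```python
import hashlib
import re

# The coreutils SUMS formats do not name the algorithm; it is inferred from
# the width of the hex digest, as `md5sum -c` / `sha256sum -c` implicitly do.
DIGEST_ALGOS = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

# "<hexdigest><whitespace><optional '*' binary marker><filename>"
LINE_RE = re.compile(r"^([0-9a-fA-F]+)\s+\*?(.+?)\s*$")


def parse_sums(text):
    """Parse a checksum file into {filename: (algorithm, hexdigest)}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"malformed checksum line: {raw!r}")
        digest, name = m.group(1).lower(), m.group(2)
        algo = DIGEST_ALGOS.get(len(digest))
        if algo is None:
            raise ValueError(f"unrecognised digest length {len(digest)} for {name}")
        entries[name] = (algo, digest)
    return entries


def verify_files(sums_text, files):
    """Check in-memory files against a checksum file.

    Returns {filename: "OK" | "FAILED" | "MISSING"}, mirroring `md5sum -c`.
    `files` maps filename -> bytes so the example needs no disk access.
    """
    results = {}
    for name, (algo, expected) in parse_sums(sums_text).items():
        data = files.get(name)
        if data is None:
            results[name] = "MISSING"
            continue
        actual = hashlib.new(algo, data).hexdigest()
        results[name] = "OK" if actual == expected else "FAILED"
    return results


def make_sums(files, algo):
    """Produce a checksum file the way a release process would."""
    return "".join(
        f"{hashlib.new(algo, data).hexdigest()}  {name}\n"
        for name, data in sorted(files.items())
    )


# Constructed stand-ins for release images (hypothetical names and contents).
OFFICIAL_IMAGES = {
    "example-desktop-i386.iso": b"official desktop image bytes",
    "example-server-amd64.iso": b"official server image bytes",
}


def integrity_scenario():
    """A bit flipped in transit: the published MD5SUMS catches it."""
    published = make_sums(OFFICIAL_IMAGES, "md5")
    downloaded = dict(OFFICIAL_IMAGES)
    downloaded["example-server-amd64.iso"] = b"official server image byteS"
    return verify_files(published, downloaded)


def authentication_gap_scenario():
    """A mirror operator swaps the image AND regenerates MD5SUMS.

    With no signature binding MD5SUMS to the project, the checksum check
    passes: hashes alone give integrity, not authentication.
    """
    attacker_images = dict(OFFICIAL_IMAGES)
    attacker_images["example-desktop-i386.iso"] = b"backdoored desktop image"
    attacker_sums = make_sums(attacker_images, "md5")
    return verify_files(attacker_sums, attacker_images)


if __name__ == "__main__":
    print("corrupted download:", integrity_scenario())
    print("tampered mirror:   ", authentication_gap_scenario())
```

The second scenario is the case a signature over MD5SUMS (or over a SHA256SUMS file, which `parse_sums` handles by digest width) is there to catch: the attacker can make the hashes match but cannot produce the project's signature over the rewritten checksum file.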