On Tue, Jan 29, 2008 at 12:00:56PM +0000, Colin Watson wrote:
> Signing a message generally actually amounts to taking some hash of it
> and signing that; you don't run expensive algorithms like RSA over the
> whole message. Since the MD5 hashes are useful to expose anyway, I don't
> see any cryptographic benefit in making GPG do this computation again
> (aside from the possibility that it would use a different hash, but then
> we could usefully expose the result of that hash too).
>
> See e.g. http://en.wikipedia.org/wiki/Digital_signature for a short
> discussion of why signatures are in fact implemented by signing a hash
> rather than the whole message.
I suppose the main benefit would be in having a painless transition to
newer hash algorithms as GnuPG is updated. If we want to solve this once
and for all (and I think we do), then as Neal points out, we need to
include support for multiple hash algorithms, rather than merely switching
from MD5 to SHA-x. This means either generating multiple files in the
existing format, or requiring some other tool which can interpret the
checksum file and verify the images. GnuPG, as a widely available,
standard tool which handles this gracefully, seemed like a good choice.

> As Neal noted, MD5 hasn't yet had second-preimage attacks, so I am not
> concerned about practical attacks at this time. Publishing SHA256 hashes
> would be fairly reasonable; the only reason we have not yet done this is
> that the checksumming process is already the slowest part of the CD
> release process by some distance due to some inefficiencies in that
> process (i.e. the images are checksummed again rather than copying the
> existing checksums from the daily build), and I feel we should fix that
> first otherwise it makes release day even more painful.

It would be useful if we could do these in a single pass, but if we can't,
then I guess it makes sense to continue to sign the hashes instead. We'll
have to do this over again at some point, though.

-- 
- mdz
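The two practical points in this exchange, computing several digests of each image in a single read and verifying a checksum file whose algorithm is not fixed to MD5, can be shown in a short script. The following is an added example written for this page; it is not code from the thread, from the Ubuntu CD release tooling, or from GnuPG. It feeds every hash object from one pass over the file, writes lines in the coreutils `md5sum`/`sha256sum` format (`<hex>  <name>`, or `<hex> *<name>` for binary mode), and on verification picks the algorithm from the hex digest length so the same verifier handles an MD5SUMS or SHA256SUMS file. The image names and contents in `demo()` are constructed for illustration; the algorithm set in `ALGORITHMS` is an assumption, not a list taken from the thread. The SUMS text such a script emits is what would then be detach-signed with GnuPG, which is the step the thread is actually debating.

```python
"""Single-pass multi-digest checksumming plus verification of coreutils-style
SUMS files. Added example for this page; not from the Ubuntu release tools."""
import hashlib
import hmac
import os
import tempfile

# Algorithms computed together in one pass over each image (assumed set).
ALGORITHMS = ("md5", "sha1", "sha256")
CHUNK = 1 << 20  # 1 MiB reads keep memory flat for multi-GB images


def digest_file(path, algorithms=ALGORITHMS):
    """Read the file once and update every hash object with each chunk."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def write_sums(digests_by_file, algorithm):
    """Render one SUMS file in the coreutils format: '<hex>  <name>' per line."""
    return "".join(f"{d[algorithm]}  {name}\n"
                   for name, d in sorted(digests_by_file.items()))


# Hex digest length -> algorithm, so a SUMS file needs no out-of-band hint.
_ALGORITHM_BY_HEX_LENGTH = {hashlib.new(a).digest_size * 2: a for a in ALGORITHMS}


def parse_sums(text):
    """Return (hexdigest, filename) pairs; accepts both '  ' and ' *' separators."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        hexdigest, _, rest = line.partition(" ")
        name = rest.lstrip(" ")
        if name.startswith("*"):  # binary-mode marker used by md5sum -b
            name = name[1:]
        entries.append((hexdigest.lower(), name))
    return entries


def verify_sums(text, directory):
    """Map each listed file to OK / FAILED / MISSING / UNKNOWN ALGORITHM."""
    results = {}
    for hexdigest, name in parse_sums(text):
        algorithm = _ALGORITHM_BY_HEX_LENGTH.get(len(hexdigest))
        if algorithm is None:
            results[name] = "UNKNOWN ALGORITHM"
            continue
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        actual = digest_file(path, (algorithm,))[algorithm]
        # compare_digest is not needed for secrecy here, but it is the habit to keep.
        results[name] = "OK" if hmac.compare_digest(actual, hexdigest) else "FAILED"
    return results


def demo():
    """Constructed walk-through: hash two fake images, verify, tamper, re-verify."""
    with tempfile.TemporaryDirectory() as d:
        files = {"hello.iso": b"hello", "alt.iso": b"x" * 3_000_000}  # constructed
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        digests = {name: digest_file(os.path.join(d, name)) for name in files}
        md5sums = write_sums(digests, "md5")
        sha256sums = write_sums(digests, "sha256")
        before = (verify_sums(md5sums, d), verify_sums(sha256sums, d))
        with open(os.path.join(d, "hello.iso"), "ab") as fh:
            fh.write(b"!")  # simulate a corrupted download
        after = verify_sums(sha256sums, d)
        return digests["hello.iso"], before, after


if __name__ == "__main__":
    hello, before, after = demo()
    print(hello)
    print(before)
    print(after)
```

Because all hash objects are fed from the same read loop, adding a SHA256SUMS file costs CPU but no extra disk pass, which is the single-pass property the message asks for. The verifier's length-based dispatch is what lets one tool read the existing MD5SUMS format and a future SHA-x file alike, without a format change.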