Pierre Schmitz schrieb:
On Sat, 29 Nov 2008 15:00:20 +0100, Thomas Bächler <thomas@archlinux.org> wrote:
If this is to provide any security, we need to stop using md5! md5 is okay when trying to detect corrupted downloads, however it is possible to find collisions and thus build a "bad" package that has the same md5 as the good package.
Well, it should be quite easy to use sha instead. I am not an expert but how easy is it to produce a valid package with the same md5sum? I know that creating "some" file is not hard.
You can append arbitrary data at the end of a gzip file (this was used in the construction of the "forbidden prime number"). Thus you could create a relatively small malicious package and then try to construct a collision by appending data to the file. It should not be much harder than finding any collision, but I am no expert either.