On 07/12/16 19:35, Gregory Mullen wrote:
Grayhatter here, developer of Tox -- The security centered TAV client. No matter what the reason is, NO ONE should be using MD5. We can argue about what hash we want to use, but literally nothing is better than using MD5. I don't mean MD5 is better than everything else, I mean NOT using a hash is better than using MD5.
Ignoring "slight" exaggerations...
The argument that an insecure hash is fine because it doesn't need to be secure, and that PGP is a better replacement, is a plainly BAD argument. The issue at hand is not what should we use to verify the authenticity of the packages. The question is: is MD5 an acceptable hashing algorithm? We all know it's not. If given the choice, NO ONE who knows about the SERIOUS issues with MD5 would think it's a reasonable suggestion.
Switching to sha256/512 isn't a hard switch; `sha{256,512}sum` is in coreutils (a member of base no less).
To recap... we have a lot of good reasons to drop MD5 like the broken algo it is. No applicable reasons why we need to keep it. So... why haven't we replaced it yet?
I advocate keeping md5sum as the default because it is broken. If I see someone purely verifying their sources using md5sum in a PKGBUILD (and not pgp signature), I know that they have done nothing to actually verify the source themselves. If sha2sums become default, I now know nothing. Did the maintainer of the PKGBUILD get that checksum from a securely distributed source from upstream? Had the source already been compromised upstream before the PKGBUILD was made? Now I am securely verifying the unknown. But we don't care about that... we just want to feel warm and fuzzy with a false sense of security. A
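The point both messages circle around, as an added example that is not part of the thread and not Arch's own tooling: a source is checked against a digest the same way `makepkg` compares a `sha256sums=()` entry, using the `sha256sum` from coreutils mentioned above. The file names and contents are constructed for the demonstration; `verify_source` and `demo` are hypothetical helper names. The second half of `demo` shows why the algorithm choice is secondary to where the digest came from: a digest regenerated from the served file passes no matter what the file contains, while a digest recorded from an independent channel catches the change.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread or from makepkg itself.
# Sample files below are constructed; helper names are hypothetical.

# Hex SHA-256 digest of a file (coreutils sha256sum prints "digest  name").
file_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# Compare a file against an expected digest, as a sha256sums=() entry would be.
# Prints PASS or FAIL and returns 0 on a match, 1 otherwise.
verify_source() {
    file=$1
    expected=$2
    actual=$(file_sha256 "$file")
    if [ "$actual" = "$expected" ]; then
        echo "PASS: $file"
        return 0
    else
        echo "FAIL: $file (expected $expected, got $actual)"
        return 1
    fi
}

# Demonstration: a digest recorded from an independent channel versus one
# regenerated from whatever the download server currently serves.
# Echoes "independent=<status> regenerated=<status>".
demo() {
    work=$(mktemp -d)
    printf 'upstream release 1.0\n' > "$work/pkg-1.0.tar"
    # Digest a maintainer records while upstream is intact (the independent value).
    good=$(file_sha256 "$work/pkg-1.0.tar")

    # Simulated change to the served file after the digest was recorded.
    printf 'changed release 1.0\n' > "$work/pkg-1.0.tar"

    # The independently recorded digest detects the change ...
    if verify_source "$work/pkg-1.0.tar" "$good"; then
        independent=0
    else
        independent=1
    fi

    # ... but a digest regenerated from the served file always matches it,
    # regardless of hash algorithm, so it verifies nothing about the source.
    if verify_source "$work/pkg-1.0.tar" "$(file_sha256 "$work/pkg-1.0.tar")"; then
        regenerated=0
    else
        regenerated=1
    fi

    rm -rf "$work"
    echo "independent=$independent regenerated=$regenerated"
}

demo
```

Run it as `sh script.sh`; the first check reports FAIL (the tampering is caught) and the second reports PASS (the regenerated digest matches by construction), which is the reply's point that a checksum copied from the same place as the tarball says nothing about integrity.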