I advocate keeping md5sum as the default because it is broken. If I see someone purely verifying their sources using md5sum in a PKGBUILD (and not pgp signature), I know that they have done nothing to actually verify the source themselves.
I advocate making the default house construction straw... Said the wolf to the three little pigs. Advocating for MD5 as a "this package is insecure" warning flag makes NO sense at all. Especially when, if the package is secure (because the maintainer verified the PGP sig and then changed to shaXXX), you still know nothing new. But don't say: MD5 is good because I know it's broken, so I know the maintainer didn't do their job? Either validate the PGP keys, or don't. But don't suggest keeping a broken system because... why again? So you can learn nothing?
But we don't care about that... we just want to feel warm and fuzzy with a false sense of security.
No one is suggesting sha*sum replace an actual security/authentication check. Only that maybe it's not a good idea to use a system we all know is broken.

On Wed, Dec 7, 2016 at 1:49 AM, Allan McRae <allan@archlinux.org> wrote:
On 07/12/16 19:35, Gregory Mullen wrote:
Grayhatter here, developer of Tox -- The security centered TAV client. No matter what the reason is, NO ONE should be using MD5. We can argue about what hash we want to use, but literally nothing is better than using MD5. I don't mean MD5 is better than everything else, I mean NOT using a hash is better than using MD5.
Ignoring "slight" exaggerations...
The argument that an insecure hash is fine because it doesn't need to be secure, and that PGP is a better replacement, is a plainly BAD argument. The issue at hand is not what we should use to verify the authenticity of the packages. The question is: is MD5 an acceptable hashing algorithm? We all know it's not. If given the choice, NO ONE who knows about the SERIOUS issues with MD5 would think it's a reasonable suggestion.
Switching to sha256/512 isn't a hard switch: `sha{256,512}sum` is in coreutils (a member of base no less).
To recap... we have a lot of good reasons to drop MD5 like the broken algo it is. No applicable reasons why we need to keep it. So... why haven't we replaced it yet?
I advocate keeping md5sum as the default because it is broken. If I see someone purely verifying their sources using md5sum in a PKGBUILD (and not pgp signature), I know that they have done nothing to actually verify the source themselves.
If sha2sums become default, I now know nothing. Did the maintainer of the PKGBUILD get that checksum from a securely distributed source from upstream? Had the source already been compromised upstream before the PKGBUILD was made? Now I am securely verifying the unknown.
But we don't care about that... we just want to feel warm and fuzzy with a false sense of security.
A
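As an added example (not from the thread, nor Arch's own tooling), a small audit script that applies Allan's heuristic to PKGBUILD files: it reports whether a PKGBUILD authenticates its sources (validpgpkeys plus a detached .sig/.asc source), only checks integrity with a SHA-2 digest, or only with MD5. The three sample PKGBUILDs, the example.invalid URLs and the PLACEHOLDER_* values are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed example: classify how a PKGBUILD verifies its sources.
# Prints one of: pgp, checksum-only, md5-only, none
pkgbuild_verification() {
    f=$1
    pgp=0; strong=0; md5=0
    # makepkg only verifies upstream signatures when validpgpkeys is set
    # and a .sig/.asc file is listed in source=()
    if grep -Eq '^[[:space:]]*validpgpkeys=' "$f" && grep -Eq '\.(sig|asc)' "$f"; then pgp=1; fi
    if grep -Eq '^[[:space:]]*sha(224|256|384|512)sums(_[A-Za-z0-9_]+)?=' "$f"; then strong=1; fi
    if grep -Eq '^[[:space:]]*md5sums(_[A-Za-z0-9_]+)?=' "$f"; then md5=1; fi
    if   [ "$pgp" = 1 ];    then echo pgp
    elif [ "$strong" = 1 ]; then echo checksum-only
    elif [ "$md5" = 1 ];    then echo md5-only
    else echo none; fi
}

tmp=$(mktemp -d)
# Sample A: integrity only, with the broken digest
cat > "$tmp/A" <<'EOF'
pkgname=foo
pkgver=1.0
source=("https://example.invalid/foo-$pkgver.tar.gz")
md5sums=('PLACEHOLDER_MD5')
EOF
# Sample B: stronger digest, but still only proves the tarball matches the maintainer's copy
cat > "$tmp/B" <<'EOF'
pkgname=foo
pkgver=1.0
source=("https://example.invalid/foo-$pkgver.tar.gz")
sha256sums=('PLACEHOLDER_SHA256')
EOF
# Sample C: digest plus upstream signature; the only form that ties the source to upstream
cat > "$tmp/C" <<'EOF'
pkgname=foo
pkgver=1.0
source=("https://example.invalid/foo-$pkgver.tar.gz"
        "https://example.invalid/foo-$pkgver.tar.gz.sig")
sha256sums=('PLACEHOLDER_SHA256' 'SKIP')
validpgpkeys=('PLACEHOLDER_FINGERPRINT')
EOF
for p in A B C; do printf '%s: %s\n' "$p" "$(pkgbuild_verification "$tmp/$p")"; done
```

Samples A and B both land in the "no authentication" bucket, which is the point of the thread: swapping the digest changes nothing about who vouched for the tarball.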