On 7/3/07, Mateusz Jedrasik <m.jedrasik@gmail.com> wrote:
Tuesday 03 of July 2007 21:40:17 Andrew Fyfe napisaĆ(a):
I asked this question a while ago about makepkg now I'm asking about pacman... why do we need support for multiple checksum types? What's wrong with md5?
The problem with MD5 (and recently SHA1) is that you can find collisions relatively quickly on a powerful machine (under a day in some cases). Thus if you found the correct collision that actually was a valid tarball, that had valid files in it, and one of those files had something malicious in it, you would be in trouble. I mean, the chances are close to zero, but md5 has gotten a lot of press on how "crackable" it is. SHA1 is crackable as well, thought not as easily. Now put BOTH sums in your PKGBUILD. Now some third party would have to find all the collisions for MD5 and SHA1, make sure they create the same sums as those in the package, and then they would have to see if that was even any data that could be used for something malicious. I suggest using both MD5 and SHA1. I seriously doubt there is a single situation where this would not be enough for validating the package. Though I think we should move to signing our packages, so we actually have security along with validation... // codemac -- . : [ + carpe diem totus tuus + ] : .