On Fri, Jul 06, 2007 at 12:20:00AM +0200, Xavier wrote:
On Thu, Jul 05, 2007 at 02:06:09PM -0700, Jason Chu wrote:
I was the main person pushing for this and it was mostly for the malicious downloads.
It's not the package downloading that I was worried about as much as the source tarballs. We use md5sums to make sure that the tarball we downloaded when building the package is the same as the tarball that the developer used when they built the package. If someone gets access to the upstream's server, we're using the md5sum to trust files over time.
Oh I see. But what I am really wondering is why combine two existing algorithms that have flaws instead of using one for which no flaw has been found yet? Isn't it both less secure and more complicated?
We are at an inroads in hashing algorithm theory. All the current hashing algorithms have flaws. It's also likely that any new hash algorithms will have flaws as well. If we just trusted md5s or sha1s, then it would be less secure and more complicated, but it's because we look at both md5s and sha1s *together* that things improve.

An analogy: think of two sheets with holes in them. You can look through each sheet and see the light on the other side, but if you lay the two sheets on top of each other, a lot less light is visible. Because we're considering both hashing algorithms, they cover some of the other's failings.

I'm all for making less complication though... maybe a more abstract hash API?

Jason
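
The check discussed in this thread, as an added example that is not code from the thread or from the project: a source tarball is accepted only when both its MD5 and SHA-1 digests match the values recorded at packaging time. The function names, the file name and the sample contents are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

ALGORITHMS = ("md5", "sha1")  # the two digests the thread discusses


def compute_digests(path, algorithms=ALGORITHMS, chunk_size=64 * 1024):
    """Read the file once and feed every chunk to all hash objects."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify_source(path, recorded):
    """Return (ok, failures); ok only if every digest is recorded and matches."""
    actual = compute_digests(path)
    failures = []
    for name in ALGORITHMS:
        expected = recorded.get(name)
        if expected is None:
            failures.append((name, "missing"))  # never fall back to one hash
        elif not hmac.compare_digest(actual[name], expected.strip().lower()):
            failures.append((name, "mismatch"))
    return (not failures, failures)


def demo():
    """Run the check on constructed data: intact, modified, and half-recorded."""
    original = b"constructed sample tarball contents\n"
    tampered = b"constructed sample tarball contents, changed upstream\n"
    recorded = {"md5": hashlib.md5(original).hexdigest(),
                "sha1": hashlib.sha1(original).hexdigest()}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "example-1.0.tar.gz")  # hypothetical name
        for label, data, record in (
                ("original", original, recorded),
                ("tampered", tampered, recorded),
                ("md5_only", original, {"md5": recorded["md5"]})):
            with open(path, "wb") as fh:
                fh.write(data)
            results[label] = verify_source(path, record)
    return results


if __name__ == "__main__":
    for label, (ok, failures) in demo().items():
        print(label, "OK" if ok else "REJECTED", failures)
```
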