On 8/15/07, Dan McGee <dpmcgee@gmail.com> wrote:
> What I really want to hear are thoughts on this issue. We are using md5sums for two main reasons: verification of package downloads, and determining whether a backup file has changed. With this in mind, I think md5 is sufficient to serve our needs.
> Please chime in on this.
There is some history on this somewhere in these list archives. I'll summarize my views because I don't want to figure out what thread that was.

a) The "md5 is insecure" argument doesn't hold water with archive formats. Reproducing an md5sum with a malicious file requires that the original file format supports null padding. All of the examples I've seen used ps files, as you can embed null padding to fluff the md5sum. In our case, if you add some padding, it suddenly becomes a corrupt archive. Corrupt archives are already checked for before extraction, so if the md5sum matches AND it's corrupt, it's either a packager's error, or malicious.

b) We are not using md5 for security. We are using it for integrity. These are two totally different things. Instead of saying "I don't trust you Mr Mirror", we're saying "I trust the DB file is correct, did this download ok".

See, now there's a subtle problem with this point. If we want to implicitly trust the DB files, then we need to ensure where they come from. DB files on mirrors might not be "trustable". /me shrugs

But my opinion is thus: md5 is faster than sha1, and we're just ensuring that we downloaded the file exactly as the server told us to. We are not guaranteeing that it is super-duper secure. If we wanted that, we'd sign packages.

I vote md5.
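Added example, not part of the original message and not the project's code: a small Python model of the check discussed in point b), showing which failures a DB-recorded md5sum catches and the "subtle problem" case where the DB itself comes from the same mirror. The function names, the package filename and all payloads are constructed for illustration.

```python
import hashlib

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def build_db(packages: dict) -> dict:
    """Model of a repo DB: package filename -> md5sum of the package file."""
    return {name: md5_hex(blob) for name, blob in packages.items()}

def verify_download(db: dict, name: str, downloaded: bytes) -> bool:
    """Integrity check only: does the download match what this DB says?"""
    expected = db.get(name)
    return expected is not None and md5_hex(downloaded) == expected

# Constructed sample data (hypothetical package name and contents).
PKG = "foo-1.0-1.pkg.tar.gz"
ORIGINAL = {PKG: b"constructed package payload " * 64}
OFFICIAL_DB = build_db(ORIGINAL)

def scenarios() -> dict:
    good = ORIGINAL[PKG]
    truncated = good[:-100]            # transfer cut short
    flipped = bytearray(good)
    flipped[10] ^= 0x01                # single bit corrupted in transit
    # A mirror that serves different contents AND its own matching DB.
    replaced = b"different contents served by an untrusted mirror"
    mirror_db = build_db({PKG: replaced})
    return {
        "clean": verify_download(OFFICIAL_DB, PKG, good),
        "truncated": verify_download(OFFICIAL_DB, PKG, truncated),
        "bit_flip": verify_download(OFFICIAL_DB, PKG, bytes(flipped)),
        # Caught only because the DB came from a source we trust.
        "replaced_vs_official_db": verify_download(OFFICIAL_DB, PKG, replaced),
        # Passes: the checksum says nothing about where the DB came from.
        "replaced_vs_mirror_db": verify_download(mirror_db, PKG, replaced),
    }

if __name__ == "__main__":
    for case, ok in scenarios().items():
        print(f"{case:26s} {'match' if ok else 'MISMATCH'}")
```

The last case matches regardless of the hash function chosen, which is why the message separates the integrity check from signing.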