Hi!

2006/10/11, Jason Chu <jason@archlinux.org>:
On Wed, 11 Oct 2006 10:57:53 -0500 "Aaron Griffin" <aaronmgriffin@gmail.com> wrote:
b) I don't feel that anything is gained from using sha1sums. md5 is the de facto file integrity check. We're not using md5 as a cryptographic algorithm, we're checking file integrity.
I talked to Judd about this one. I'd noticed it while at LinuxTag a couple years back...
While, on the surface, we use md5sums to check file integrity, during building we use it to verify that two downloads (at different time periods) are the same. In this situation, it's possible to craft a malicious tarball that matches the md5sum but has a different payload.
Yes, there were a few security papers posted about MD5 collisions and how to use them.
JGC was the one who suggested we use md5sums and sha1sums together because it's much more difficult to craft something malicious that matches both of them. I wrote a patch for makepkg a long time ago, but Judd didn't accept it because sha1sums were a lot longer and looked ugly in a PKGBUILD.
Mmm... I don't think that using md5sum & sha1sum at the same time will make things more secure. md5sum will not matter in that case, because security will depend on the strongest part in such case, which is, obviously, sha1sum. I propose to use SHA-512 instead which is basically a stronger version of SHA1. I have much practical experience and theoretical knowledge to say that this will be the best choice in terms of both security and simplicity of implementation.

--
Roman Kyrylych (Роман Кирилич)
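
The build-time check discussed in this thread, as an added example that is not part of the original messages and is not makepkg's code: the source is read once, every pinned digest (md5, sha1, sha512) is computed in that pass, and the source is accepted only if all of them match. The function names, the `PINNED` mapping and the sample byte strings are assumptions made for illustration.

```python
import hashlib
import hmac
import io

# Digest kinds named in the thread; any hashlib algorithm name works here.
ALGORITHMS = ("md5", "sha1", "sha512")

def compute_digests(stream, algorithms=ALGORITHMS, chunk_size=64 * 1024):
    """Read the stream once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

def verify_source(stream, pinned):
    """Return the sorted algorithms whose pinned digest does not match.

    An empty list means every pinned digest matched. An empty `pinned`
    mapping is rejected so a missing checksum never counts as a pass.
    """
    if not pinned:
        raise ValueError("no pinned digests supplied")
    actual = compute_digests(stream, tuple(pinned))
    return sorted(
        name for name, expected in pinned.items()
        if not hmac.compare_digest(actual[name], expected.strip().lower())
    )

# Constructed sample data standing in for a source tarball (hypothetical).
ORIGINAL = b"constructed sample tarball contents\n"
TAMPERED = b"constructed sample tarball contents, modified\n"

# Digests recorded at packaging time, as a package recipe would pin them.
PINNED = compute_digests(io.BytesIO(ORIGINAL))

if __name__ == "__main__":
    print("original :", verify_source(io.BytesIO(ORIGINAL), PINNED))
    print("tampered :", verify_source(io.BytesIO(TAMPERED), PINNED))
```
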