[arch-general] Stronger Hashes for PKGBUILDs

[Gregory Mullen]

> I advocate keeping md5sum as the default because it is broken.  If I see
someone purely verifying their sources using md5sum in a PKGBUILD (and
not pgp signature), I know that they have done nothing to actually
verify the source themselves.

I advocate making the default house construction straw... Said the wolf to
the three little pigs.

Advocating for MD5 as a "this package is insecure" warning flag makes NO
sense at all. Especially when if the package is secure (because the
maintainer verified the PGP sig, and then changed to shaXXX) you still no
nothing new. But don't say; MD5 is good because I know it's broken, so I
know the maintainer didn't do their job?

Either validate the PGP keys, or don't. But don't suggest keeping a broken
system because... why again? So you can learn nothing?

> But we don't care about that...  we just want to feel warm and fuzzy with
a false sense of security.

No one is suggesting sha*sum replace, and actual security/authentication
check. Only that maybe it's not a good idea to use a system we all know is
broken.



On Wed, Dec 7, 2016 at 1:49 AM, Allan McRae <allan at archlinux.org> wrote:

> On 07/12/16 19:35, Gregory Mullen wrote:
> > Grayhatter here, developer of Tox -- The security centered TAV client. No
> > matter what the reason is, NO ONE should be using MD5. We can argue about
> > what hash we want to use, but literally nothing, is better than using
> MD5.
> > I don't mean MD5 is better than everything else, I mean NOT using a hash,
> > is better than using MD5.
>
> Ignoring "slight" exaggerations...
>
> > The argument that an insecure hash is fine because it doesn't need to be
> > secure, and that PGP is a better replacement; Is a plainly BAD argument.
> > The issue at hand is not, what should we use to verify the authenticity
> of
> > the packages. The question is, is MD5 an acceptable hashing algorithm? We
> > all know it's not. If given the choice, NO ONE who knows about the
> SERIOUS
> > issues with MD5 would think it's a reasonable suggestion.
> >
> > Switching to sha256/512 isn't a hard switch `sha{256,512}sum` is in
> > coreutils (a member of base no less).
> >
> > To recap... we have a lot of good reasons to drop MD5 like the broken
> algo
> > it is. No applicable reasons why need to keep it. So... why haven't we
> > replaced it yet?
>
> I advocate keeping md5sum as the default because it is broken.  If I see
> someone purely verifying their sources using md5sum in a PKGBUILD (and
> not pgp signature), I know that they have done nothing to actually
> verify the source themselves.
>
> If sha2sums become default, I now know nothing.  Did the maintainer of
> the PKGBUILD get that checksum from a securely distributed source from
> upstream?  Had the source already been compromised upstream before the
> PKGBUILD was made?  Now I am securely verifying the unknown.
>
> But we don't care about that...  we just want to feel warm and fuzzy
> with a false sense of security.
>
> A
>