[pacman-dev] md5sum's aren't used as cryptographic algorithm? (was: $ARCH suffix on packages)

Roman Kyrylych roman.kyrylych at gmail.com
Wed Oct 11 16:57:45 EDT 2006


Hi!

2006/10/11, Jason Chu <jason at archlinux.org>:
> On Wed, 11 Oct 2006 10:57:53 -0500
> "Aaron Griffin" <aaronmgriffin at gmail.com> wrote:
>
> > b) I don't feel that anything is gained from using sha1sums.  md5 is
> > the de facto file integrity check.  We're not using md5 as a
> > cryptographic algorithm, we're checking file integrity
>
> I talked to Judd about this one.  I'd noticed it while at LinuxTag a
> couple years back...
>
> While on the surface we use md5sums to check file integrity, during
> building we use it to verify that two downloads (at different time
> periods) are the same. In this situation, it's possible to craft a
> malicious tarball that matches the md5sum but has a different payload.

Yes, there were a few security papers posted about MD5 collisions and
how to use them.

> JGC was the one who suggested we use md5sums and sha1sums together
> because it's much more difficult to craft something malicious that
> matches both of them.  I wrote a patch for makepkg a long time ago, but
> Judd didn't accept it because sha1sums were a lot longer and looked
> ugly in a PKGBUILD.

Mmm... I don't think that using md5sum & sha1sum at the same time will
make things more secure. md5sum will not matter in that case, because
security will depend on the strongest part in such a case, which is,
obviously, sha1sum.
I propose to use SHA-512 instead which is basically a stronger version of SHA1.

I have much practical experience and theoretical knowledge to say that
this will be the best choice in terms of both security and simplicity
of implementation.

-- 
Roman Kyrylych (Роман Кирилич)
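
The check discussed in this thread (a later download must match the checksums recorded at packaging time), as an added Python example that is not makepkg code or part of the original message. The function names and sample bytes are constructed for illustration; the source is read once and every pinned algorithm is fed from the same pass.

```python
import hashlib
import hmac
import io

# Algorithms named in the thread, weakest first. SHA-512 is the proposal above.
ALGORITHMS = ("md5", "sha1", "sha512")


def digest_stream(stream, algorithms=ALGORITHMS, chunk_size=65536):
    """Hash a file-like object once, feeding every algorithm from the same read."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify_download(stream, pinned):
    """Compare a later download against the digests pinned at packaging time.

    Returns the algorithms whose digest differs; an empty list means every
    pinned checksum matched. Only algorithms present in `pinned` are checked,
    so the result is only as strong as the strongest algorithm pinned.
    """
    actual = digest_stream(stream, tuple(pinned))
    return [name for name, want in pinned.items()
            if not hmac.compare_digest(actual[name], want.lower())]


# Constructed sample data standing in for two downloads of one source tarball.
FIRST_DOWNLOAD = b"constructed-tarball-contents v1.0\n" * 4096
LATER_MODIFIED = FIRST_DOWNLOAD[:-1] + b"!"

if __name__ == "__main__":
    pinned = digest_stream(io.BytesIO(FIRST_DOWNLOAD))
    print("same bytes:", verify_download(io.BytesIO(FIRST_DOWNLOAD), pinned))
    print("modified:  ", verify_download(io.BytesIO(LATER_MODIFIED), pinned))
```

An ordinary modification like the one in the sample fails every algorithm; the concern raised in the thread is input crafted to collide under MD5, which a check pinned to MD5 alone would report as matching.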

