[pacman-dev] [PATCH] Replace MD5 with SHA-256 as a default file integrity check in PKGBUILDs

Filipe Laíns lains at archlinux.org
Thu Jan 23 01:38:05 UTC 2020 

On Thu, 2020-01-23 at 01:36 +0000, Filipe Laíns wrote:
> On Thu, 2020-01-23 at 02:25 +0100, Artur Juraszek wrote:
> > Hi all,
> > 
> > While poking through Arch's package system, I noticed that despite its
> > bad reputation, MD5 remains a default, and even some kind of a "recommendation", due
> > to its presence in the example PKBUILDs, hashing algorithm for file integrity verification.
> > 
> > Is there a reason to not have it changed to a more future-proof one? I mean, at least for now,
> > it seems good enough to protect before a so-called "2nd preimage attack", which is the primary
> > concern in the classic file verification scenario, BUT:
> > 
> > a) given the huge size of AUR and its rather chaotic nature, it is not that hard to imagine
> > _a_ malicious upstream which could try to sneak some nasty changes in its own files,
> > with AUR maintainer not noticing anything - leveraging flaws which do exist and are quite
> > well-explored even today.
> > 
> > b) it's already shown its weaknesses and it is not going to be any better - the only research direction
> > is to found more (practical) attacks against MD5, so faster the change, fewer the people possibly
> > affected in the future
> > 
> > Attaching a patch which, I think, replaces MD5 with SHA256 as a default completely - it's my first
> > change in ABS-related code, though, so please do not hesitate to criticize if something's wrong ;]
> > 
> > --
> > Artur Juraszek
> 
> I think we should change it to sha512 instead. sha256 and sha512 are
> pretty similar but sha512 is faster on 64-bit machine. Since 64-bit is
> the new standard for high-power computing, and the only architecture we
> support, it would be more beneficial to chose sha512.
> 
> A quick benchmark on my machine confirms this:
> 
> $ dd if=/dev/zero of=example.img bs=4096 count=512000
> 512000+0 records in
> 512000+0 records out
> 2097152000 bytes (2.1 GB, 2.0 GiB) copied, 2.77283 s, 756 MB/s
> 
> $ time sha256sum example.img
> 274fbb979251bcaceab594dd89d5adfec310e8851e320b5b5f90fd5f18d76149  examp
> le.img
> real 4.79
> user 4.47
> sys 0.30
> 
> $ time sha512sum example.img
> 241497cb61e24fcdaf33a13f5635951ff7c21cb27904e6f3de7b221031b0216800cbce1
> a667a66aafbdb7ffbfe2a39564b4cb48efea1d3721093fa7663e7a8c9  example.img
> real 3.33
> user 3.09
> sys 0.21
> 
> sha512 is ~1.5s than sha256 when calculating the checksum of a 2GiB
                  ^ *faster
> zero-ed file.
> 
> Thank you,
> Filipe Laíns
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.archlinux.org/pipermail/pacman-dev/attachments/20200123/1f6be954/attachment.sig>

More information about the pacman-dev mailing list