Subject: Re: Checksum for packages
To: Dominik Rothert <dr@astorit.com>
From: David Maxwell <david@fundy.ca>
List: tech-pkg
Date: 12/20/2000 16:22:02

On Wed, Dec 20, 2000 at 01:14:13PM +0100, Dominik Rothert wrote:
> According to a text in CryptoBytes (Vol 2 No 2, Summer 1996), 
> MD5 is not the best solution for confirming the retrieved distfiles
> match the original files. I suppose to use SHA1 instead of MD5,
> since this algorithm seems to be more secure for a longer period
> of time. By the way, OpenBSD people decided to use SHA1, too.
> 
> Why are we still using MD5? 

I haven't seen a discussion of it before this - so it hasn't changed
because it hasn't been enough of a concern to anyone.

Even if md5 was weaker than it is, there is a check in place - someone
needs to compromise (at least) the primary ftp server for a package, and
replace it without detection, with a package that is a valid tar.gz (or
whatever that package is shipped as), and that file must collide the
hash.

Generating collisions is 'tough', having them be a valid file is
'hard', and doing that on demand for a file server you have compromised
is 'unlikely'.

I see the only advantage for md5 being a longer history of support in NetBSD,
which means pkgsrc works 'out of the box' on older installs.

It seems reasonable that we start creating checksum files with md5 AND
SHA-1 hashes, or make the pkg tools install SHA-1 utilities on older
boxes.

-- 
David Maxwell, david@vex.net|david@maxwell.net -->
If you don't spend energy getting what you want,
	You'll have to spend it dealing with what you get.
					      - Unknown
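
The dual-hash checksum file suggested in the message above, sketched as an added example (not part of the original mail and not pkgsrc code): a verifier that accepts a distfile only when both its MD5 and SHA-1 digests match. The `MD5 (file) = hex` line format, the function names and the sample data are assumptions made for the illustration.

```python
import hashlib
import re

# Assumed BSD-style digest line, e.g. "SHA1 (foo-1.0.tar.gz) = da39a3..."
LINE_RE = re.compile(r"^(MD5|SHA1) \((.+)\) = ([0-9a-f]+)$")
REQUIRED = ("MD5", "SHA1")  # assumption: policy requires both algorithms

def parse_checksums(text):
    """Return {filename: {algorithm: hexdigest}} from a checksum file."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "$#":
            continue  # blank lines, RCS id lines, comments
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("unrecognised checksum line: %r" % line)
        algo, name, digest = m.groups()
        if algo in entries.setdefault(name, {}):
            raise ValueError("duplicate %s entry for %s" % (algo, name))
        entries[name][algo] = digest
    return entries

def verify(name, data, entries):
    """Return a list of problems; an empty list means the file is accepted."""
    expected = entries.get(name)
    if expected is None:
        return ["no checksum entry for %s" % name]
    problems = []
    for algo in REQUIRED:
        if algo not in expected:
            # A file listing only one algorithm is rejected, not silently trusted.
            problems.append("%s digest missing" % algo)
            continue
        actual = hashlib.new(algo.lower(), data).hexdigest()
        if actual != expected[algo]:
            problems.append("%s mismatch" % algo)
    return problems

# Constructed sample: a made-up distfile and the checksum file written for it.
SAMPLE_NAME = "example-1.0.tar.gz"
SAMPLE_DATA = b"constructed distfile contents\n"
SAMPLE_FILE = "# constructed checksum file\n\n" + "".join(
    "%s (%s) = %s\n" % (a, SAMPLE_NAME, hashlib.new(a.lower(), SAMPLE_DATA).hexdigest())
    for a in REQUIRED
)

if __name__ == "__main__":
    print(verify(SAMPLE_NAME, SAMPLE_DATA, parse_checksums(SAMPLE_FILE)) or "OK")
```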