On 07/12/16 19:35, Gregory Mullen wrote:
> Grayhatter here, developer of Tox -- The security centered TAV client. No
> matter what the reason is, NO ONE should be using MD5. We can argue about
> what hash we want to use, but literally nothing is better than using MD5.
> I don't mean MD5 is better than everything else; I mean NOT using a hash
> is better than using MD5.

Ignoring "slight" exaggerations...

> The argument that an insecure hash is fine because it doesn't need to be
> secure, and that PGP is a better replacement, is a plainly BAD argument.
> The issue at hand is not what we should use to verify the authenticity of
> the packages. The question is: is MD5 an acceptable hashing algorithm? We
> all know it's not. If given the choice, NO ONE who knows about the SERIOUS
> issues with MD5 would think it's a reasonable suggestion.
>
> Switching to sha256/512 isn't a hard switch: `sha{256,512}sum` is in
> coreutils (a member of base no less).
>
> To recap... we have a lot of good reasons to drop MD5 like the broken algo
> it is. No applicable reasons why we need to keep it. So... why haven't we
> replaced it yet?

I advocate keeping md5sum as the default because it is broken.

If I see someone purely verifying their sources using md5sum in a PKGBUILD
(and not a pgp signature), I know that they have done nothing to actually
verify the source themselves. If sha2sums become default, I now know
nothing. Did the maintainer of the PKGBUILD get that checksum from a
securely distributed source from upstream? Had the source already been
compromised upstream before the PKGBUILD was made? Now I am securely
verifying the unknown.

But we don't care about that... we just want to feel warm and fuzzy with a
false sense of security.

A
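As an added example (not code from this thread, and not makepkg's own code), the script below makes the two points above checkable: it reads only the arrays makepkg consumes (md5sums/sha256sums/sha512sums, source, validpgpkeys) and reports whether a PKGBUILD carries a PGP signature check, a SHA-2 digest, an MD5 digest only, or nothing usable (a sha256sums=('SKIP') entry counts as nothing, which is the "securely verifying the unknown" case), and it shows the coreutils check that sits behind a sha256sums entry. It assumes GNU coreutils (sha256sum, md5sum) and POSIX sh/awk; the four sample PKGBUILDs, the tarball stand-in and the PGP key fingerprint are constructed for the demo.

```sh
#!/bin/sh
# Added example for this thread; it is neither the poster's code nor makepkg's.
# classify_pkgbuild reports which verification a PKGBUILD actually carries, reading
# only the arrays makepkg consumes (md5sums/sha256sums/sha512sums, source, validpgpkeys);
# verify_sha256 is the coreutils check behind a sha256sums entry.
# Assumptions: GNU coreutils (sha256sum, md5sum), POSIX sh and awk. The sample
# PKGBUILDs, the tarball stand-in and the PGP fingerprint below are constructed.

array_body() {
    # Print bash array "$2" of PKGBUILD "$1", from "name=(" through the first ")".
    awk -v name="$2" '
        $0 ~ ("^[ \t]*" name "=[(]") { inarr = 1 }
        inarr                        { print }
        inarr && /[)]/               { inarr = 0 }
    ' "$1"
}

real_hashes() {
    # Count entries of array "$2" that are genuine hex digests of "$3" characters.
    # 'SKIP' entries do not count: makepkg verifies nothing for them.
    array_body "$1" "$2" | grep -Ec "['\"][0-9a-fA-F]{$3}['\"]" || true
}

classify_pkgbuild() {
    # Print pgp | sha2 | md5-only | none for PKGBUILD "$1".
    f=$1
    sha2=$(( $(real_hashes "$f" sha256sums 64) + $(real_hashes "$f" sha512sums 128) ))
    if grep -Eq '^[[:space:]]*validpgpkeys=' "$f" \
            && array_body "$f" source | grep -Eq '\.(sig|asc)'; then
        echo pgp        # detached signature in source= checked against validpgpkeys
    elif [ "$sha2" -gt 0 ]; then
        echo sha2
    elif [ "$(real_hashes "$f" md5sums 32)" -gt 0 ]; then
        echo md5-only
    else
        echo none       # no usable digest at all, e.g. sha256sums=('SKIP')
    fi
}

verify_sha256() {
    # Check file "$1" against hex digest "$2", as makepkg does per sha256sums entry.
    printf '%s  %s\n' "$2" "$1" | sha256sum -c --status
}

# ---- constructed demo inputs -------------------------------------------------
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
printf 'hello\n' > "$DEMO/example-1.0.tar.gz"          # stand-in for the upstream tarball
GOOD_SHA256=$(sha256sum "$DEMO/example-1.0.tar.gz" | cut -d' ' -f1)
GOOD_MD5=$(md5sum "$DEMO/example-1.0.tar.gz" | cut -d' ' -f1)
PLACEHOLDER_KEY=0123456789ABCDEF0123456789ABCDEF01234567   # not a real key fingerprint

cat > "$DEMO/PKGBUILD.md5" <<EOF
pkgname=example
pkgver=1.0
source=("https://example.invalid/example-\$pkgver.tar.gz")
md5sums=('$GOOD_MD5')
EOF

cat > "$DEMO/PKGBUILD.sha2" <<EOF
pkgname=example
pkgver=1.0
source=("https://example.invalid/example-\$pkgver.tar.gz")
sha256sums=('$GOOD_SHA256')
EOF

cat > "$DEMO/PKGBUILD.pgp" <<EOF
pkgname=example
pkgver=1.0
source=("https://example.invalid/example-\$pkgver.tar.gz"
        "https://example.invalid/example-\$pkgver.tar.gz.sig")
sha256sums=('$GOOD_SHA256'
            'SKIP')
validpgpkeys=('$PLACEHOLDER_KEY')
EOF

cat > "$DEMO/PKGBUILD.skip" <<EOF
pkgname=example
pkgver=1.0
source=("https://example.invalid/example-\$pkgver.tar.gz")
sha256sums=('SKIP')
EOF

for p in md5 sha2 pgp skip; do
    printf 'PKGBUILD.%-4s -> %s\n' "$p" "$(classify_pkgbuild "$DEMO/PKGBUILD.$p")"
done
```

The classifier only tells you which mechanism is present; as the reply says, a sha256sums entry proves nothing about where the maintainer got the digest. Only the pgp case ties the tarball to a key the packager chose to trust, and even that is as good as the key list in validpgpkeys.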