Let's avoid using md5 as checksum

[Ryan Schmidt]

On Feb 15, 2008, at 22:14, js wrote:

>> Disagree. Three types of checksums (md5, sha1, rmd160) in a portfile
>> are stronger than just two.
>> I would agree that ports should not use md5 alone, but I would also
>> say that ports should not use sha1 or rmd160 alone. Ports should use
>> all three checksum types.
>
> When we have sha1 and rmd160 using md5 as a checksum is meaningless.
> What do you mean by "stronger"?

We have checksums to ensure that the file the user downloaded is the  
same file that the maintainer originally used when making the port.

If md5 were so weak that an attacker could create a new archive that  
had the same md5 sum as the original file, and they could somehow  
upload this to the developer's server and replace their original file  
with this new one, and the portfile only used md5 checksums for  
verifying the downloaded file, then we would have a problem. But md5  
is not this weak, so this attack is not possible. It is possible for  
a malicious software author to specially construct two archives with  
different contents but which have the same md5 sum. So this is a  
(vaguely) realistic situation that the weakness of md5 would enable  
to occur.

You might say we should therefore use sha1 or rmd160 instead. But  
what if a similar problem is discovered in sha1 or rmd160?

Even if flaws exist in all three checksum algorithms that enable  
differing files to have the same checksum, it is virtually impossible  
for such a flaw to affect more than one checksum algorithm at a time.  
That is, take two different files A and B which have been constructed  
so that their md5 sums are the same. I will eat my hat if they also  
have the same sha1 sums or the same rmd160 sums.

Therefore, use more than one checksum and the weakness of any  
individual algorithm becomes unimportant.