Anders F Björklund
afb at macports.org
Sun Mar 6 09:16:27 PST 2011
Jeff Johnson wrote:
> On Mar 6, 2011, at 5:24 AM, Anders F Björklund wrote:
>> Ryan Schmidt wrote:
>>>> I guess the checksums are the next lint complaint ?
>>>> Since the old ports are still using MD5, I mean...
>>> Less important than nagging about ports still using md5 at this point would be to nag about ports only using a single checksum type for a distfile. :/ In such a nag, it could be recommended to use sha1 and rmd160.
>> Or just one sha256, but yeah that is what I meant.
>> It would be more useful to add the download size,
>> than to use two separate 160-bit checksum lines ?
> (obscure aside)
> I used to believe that the combination of a size+digest
> "no tampering" check was sufficiently stronger than using
> more bits in the digest, or adding a second (and longer) digest.
> Turns out that there are many MD5 exploits that do not change
> file size.
> But without an explicit "threat model" for downloads, its difficult
> to discuss whether 2 digests is "better" than everything SHA* or
> digest+size as a policy rule for downloading.
> In reality the digest is more of an integrity than a security check (imho)
> for downloaders, and even CRC would be gud enuf for integrity (but not security)
That's pretty much all that MD5 does now, offer a CRC...
Just saying that instead of using both sha1 and rmd160,
one could use sha256 and size instead. Like Ports does ?
i.e. replace md5 with size, and sha1+rmd160 with sha256
More information about the macports-dev