If you use trusted checksum catalogs, shoes, reference hashes or stuff this can be used for integrity protection (if the checksum catalogs are integrity protected), and for this you indeed have to use strong hashes. However this is not directly related to the maven artifact hash files and deployer. (You better not generate the trusted lists from the untrusted repository hash files).
Gruss Bernd -- http://bernd.eckenfels.net ________________________________ Von: Mickael Istria <[email protected]> Gesendet: Thursday, October 14, 2021 9:56:04 AM An: Maven Developers List <[email protected]> Betreff: Re: MD5, SHA1, but nothing (still) safe? On Wed, Oct 13, 2021 at 8:41 PM Bernd Eckenfels <[email protected]> wrote: > There is no Security risk with weaker checksums since the checksums are > not used for security. An attacker who messes with your binaries can also > mess with the checksum files. In our case, we have the checksum files that are served from a "trusted" place, but the artifacts can come from less trusted mirrors. And we want to ensure the artifact we get is the one we expect whichever server does serve it. Checksums can do that, and broken checksums algorithms such as md5 or sha1 can allow a mirror to forge a malicious artifact with the same checksums and thus let a malicious artifact be installed in place of a good one; while strong checksums algorithms don't allow that. > Only the signatures are relevant here (and they depend on the PGP settings > if they use strong hashes). > I disagree that from a security perspective signatures have any stronger impact on securing the transfer than a good checksum. Signatures are here to create a concept of "trust delegation" (I trust this artifact because X has signed they trust it), it's basically meant for human decision, not for automated artifact transfer verification. And even the broken/short/fast md5 would be strong enough to detect bit > errors, especially considering TLS is now mandatory. > See my point above; it's not only a bit error, it can be malicious artifacts coming from another source (mirror) and pretending to be the correct ones because md5 is weak enough to allow to do it.
