Re: [gentoo-dev] Notification about MD5 support
Am Donnerstag, 21. September 2006 16:49 schrieb Vlastimil Babka: Although the more secure than MD5 part is now questionable, I suppose the directly available in python part still holds? From What's new in python 2.5 13.3 The hashlib package A new hashlib module, written by Gregory P. Smith, has been added to replace the md5 and sha modules. hashlib adds support for additional secure hashes (SHA-224, SHA-256, SHA-384, and SHA-512). When available, the module uses OpenSSL for fast platform optimized implementations of algorithms. The old md5 and sha modules still exist as wrappers around hashlib to preserve backwards compatibility. The new module's interface is very close to that of the old modules, but not identical. The most significant difference is that the constructor functions for creating new hashing objects are named differently. I think sha256/512 is the only thing that makes sense at the moment, as it most probably will stay secure for quite a while and we don't have real alternatives. So imho use sha256, get rid of everything else, because that rarely improves security, and wait for the nist to define something new (which will happen, but probably take some years from now). cu, Hanno pgpT6B2kaucaK.pgp Description: PGP signature
Re: [gentoo-dev] Notification about MD5 support
On Thursday 21 September 2006 08:54, Hanno Böck wrote: I think sha256/512 is the only thing that makes sense at the moment, as it most probably will stay secure for quite a while and we don't have real alternatives. So imho use sha256, get rid of everything else, because that rarely improves security, and wait for the nist to define something new (which will happen, but probably take some years from now). Well, the problem that occurs here is the verification process. With MD5, you can hit most upstream sites, and they'll have an MD5SUM avaliable that you can authenticate against. With SHA256, you would need an upstream that actually implements them as hashes for release notifications. Without this sort of verification, there's a better chance of someone putting out some kind of exploit tarball, us hashing it as per the usual, and the whole purpose gets defeated. Yes, you can consider that developers should be going in and checking the changes, etc., but the problem it's something a lot of devs would be less likely to do versus an easy md5sum lookup. -- Chris White Gentoo Developer aka: xx (Scissors Were Here) xx pgpLZFG6ufmNv.pgp Description: PGP signature
Re: [gentoo-dev] Notification about MD5 support
Chris White wrote: Well, the problem that occurs here is the verification process. With MD5, you can hit most upstream sites, and they'll have an MD5SUM avaliable that you can authenticate against. Well if you care enough to verify this, you can easily create an md5sum of the fetched distfile yourself, and compare that with upstream :) Of course, if you want to verify digests of random packages without wanting to actually download and use them, then you would miss MD5 in the manifest, but how likely is that? -- Vlastimil Babka (Caster) Gentoo/Java -- gentoo-dev@gentoo.org mailing list
[gentoo-dev] Notification about MD5 support
Ferringb recently told me that this info apparently wasn't mentioned explicit enough in Glep 44: Manifest2 records do not contain a MD5 checksum. The only guaranteed checksum type there is SHA1. So once manifest1 is phased out the tree will not contain MD5 checksums anymore. This is just a reminder, not a request for discussion (unless you have a *really* good reason why MD5 is still needed) Marius -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Notification about MD5 support
On Thursday 21 September 2006 09:34, Marius Mauch wrote: Manifest2 records do not contain a MD5 checksum. The only guaranteed checksum type there is SHA1. So once manifest1 is phased out the tree will not contain MD5 checksums anymore. by guaranteed do you mean guaranteed to be in the records ? SHA1 has proven to be insecure like MD5 -mike pgpQStoxBKwvE.pgp Description: PGP signature
Re: [gentoo-dev] Notification about MD5 support
On Thu, Sep 21, 2006 at 09:49:18AM -0400, Mike Frysinger wrote: On Thursday 21 September 2006 09:34, Marius Mauch wrote: Manifest2 records do not contain a MD5 checksum. The only guaranteed checksum type there is SHA1. So once manifest1 is phased out the tree will not contain MD5 checksums anymore. by guaranteed do you mean guaranteed to be in the records ? SHA1 has proven to be insecure like MD5 Guranteed to be in the chksum data; iow, when manifest2 is switched over to fully all manifest1/digest data becomes effectively invisible to portage and is filtered out on commits. So... what's guranteed in manifest2 now is just sha1. In reality, it holds size/sha1/sha256/rmd160 per file entry. ~harring pgpL4A2RE3qP4.pgp Description: PGP signature
Re: [gentoo-dev] Notification about MD5 support
On Thursday 21 September 2006 10:00, Brian Harring wrote: On Thu, Sep 21, 2006 at 09:49:18AM -0400, Mike Frysinger wrote: On Thursday 21 September 2006 09:34, Marius Mauch wrote: Manifest2 records do not contain a MD5 checksum. The only guaranteed checksum type there is SHA1. So once manifest1 is phased out the tree will not contain MD5 checksums anymore. by guaranteed do you mean guaranteed to be in the records ? SHA1 has proven to be insecure like MD5 Guranteed to be in the chksum data; iow, when manifest2 is switched over to fully all manifest1/digest data becomes effectively invisible to portage and is filtered out on commits. So... what's guranteed in manifest2 now is just sha1. In reality, it holds size/sha1/sha256/rmd160 per file entry. ok, but it just seems silly to go cutting MD5 but leaving SHA1 ... if we're going to be leaving an insecure format, we might as well keep the one that is a virtual standard in and of itself (MD5) -mike pgpUZchLpMQ0h.pgp Description: PGP signature
Re: [gentoo-dev] Notification about MD5 support
Mike Frysinger wrote: ok, but it just seems silly to go cutting MD5 but leaving SHA1 ... if we're going to be leaving an insecure format, we might as well keep the one that is a virtual standard in and of itself (MD5) -mike GLEP 44 says: snip For compability though we have to rely on at least one hash function to always be present, this proposal suggest to use SHA1 for this purpose (as it is supposed to be more secure than MD5 and currently only SHA1 and MD5 are directly available in python, also MD5 doesn't have any benefit in terms of compability). /snip Although the more secure than MD5 part is now questionable, I suppose the directly available in python part still holds? One point of the GLEP is to make tree smaller, so why keep more insecure formats when the room they would occupy can be used for more secure formats like sha256/512, although those can't be deemed the mandatory ones because they're not directly in python. So if both MD5 and SHA1 are now insecure but one of them needs to be the mandatory one, the question is, is it still harder to crack SHA1 than MD5? If yes, then just forget MD5. -- Vlastimil Babka (Caster) Gentoo/Java -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Notification about MD5 support
On Thursday 21 September 2006 10:49, Vlastimil Babka wrote: GLEP 44 says: touche -mike pgpy7mqcfngBq.pgp Description: PGP signature