SHA-256 seems to be the most widely used hash. It doesn't matter if it will be found weak in the future, we can always switch to something better.
HTTPS would also be recommended, but in addition to having trusted hashes, not as a replacement. --emi On Thu, Dec 8, 2016 at 2:50 PM, Jaroslav Tulach <jaroslav.tul...@oracle.com> wrote: > Hello Bertrand, > thanks for your insight. > > On Ätvrtek 8. prosince 2016 10:35:55 CET Bertrand Delacretaz wrote: > > > ...there are SHA1 and MD5 checksums next to the JAR artifact - I can > > > modify our download code to download one of them and use it for the > > > consistency of downloaded bits check.... > > > > To be useful the digests need to come from a trusted source. > > I see. I am starting to believe Emilian is right... > > > For Apache releases, as described at > > http://www.apache.org/dev/release-publishing.html the digests, keys > > etc. must come from ASF hosts. This allows the release archives to be > > downloaded via channels that don't need to be trusted. > > ...if we keep the digests in the source code (as NetBeans do currently), we > make them "absolutely trusted". Then we can continue to download from Maven > central as we do now and everything remains kosher. > > > Although we do trust Maven Central in general, if you're designing a > > new mechanism I suggest doing the same - distribute the digests from > > https://dist.apache.org/repos/dist/release/ (*) and the binaries from > > wherever. > > I don't get meaning of this paragraph, but assuming we have the digests > inside > of the source code, we don't have to worry about this. I guess. > > > Note also that MD5 shouldn't be trusted anymore, see > > natmchugh.blogspot.com/2014/10/how-i-created-two-images- > with-same-md5.html > > for example. > > What digest to use then? SHA1? Or connect to the Maven repositories via > HTTPS? > > I believe the idea of digest was never to fully shield anyone from > maliciously > prepared files - the idea that one can uniquely identify any file in the > Universe by 32 bytes sounds ridiculously silly, doesn't it? - rather to > shield > one against randomly broken bits. > > Regardless of what digest algorithm we use, one day it will be cracked > anyway. > Thus we can choose any (incuding poor MD5), but rather complicate the > man-in- > middle attack by using HTTPS (which is using its own certificates) for > download > - that will multiply the improbability of a hack more than choosing SHA1 or > SHA7, SHA337, etc., in my opinion. > > -jt > >
