On Feb 15, 2008, at 22:14, js wrote: >> Disagree. Three types of checksums (md5, sha1, rmd160) in a portfile >> are stronger than just two. >> I would agree that ports should not use md5 alone, but I would also >> say that ports should not use sha1 or rmd160 alone. Ports should use >> all three checksum types. > > When we have sha1 and rmd160 using md5 as a checksum is meaningless. > What do you mean by "stronger"?
We have checksums to ensure that the file the user downloaded is the same file that the maintainer originally used when making the port. If md5 were so weak that an attacker could create a new archive that had the same md5 sum as the original file, and they could somehow upload this to the developer's server and replace their original file with this new one, and the portfile only used md5 checksums for verifying the downloaded file, then we would have a problem. But md5 is not this weak, so this attack is not possible. It is possible for a malicious software author to specially construct two archives with different contents but which have the same md5 sum. So this is a (vaguely) realistic situation that the weakness of md5 would enable to occur. You might say we should therefore use sha1 or rmd160 instead. But what if a similar problem is discovered in sha1 or rmd160? Even if flaws exist in all three checksum algorithms that enable differing files to have the same checksum, it is virtually impossible for such a flaw to affect more than one checksum algorithm at a time. That is, take two different files A and B which have been constructed so that their md5 sums are the same. I will eat my hat if they also have the same sha1 sums or the same rmd160 sums. Therefore, use more than one checksum and the weakness of any individual algorithm becomes unimportant. _______________________________________________ macports-dev mailing list macports-dev@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev