Jeff Johnson wrote:
> On Mar 6, 2011, at 5:24 AM, Anders F Björklund wrote:
>
>> Ryan Schmidt wrote:
>>
>>>> I guess the checksums are the next lint complaint ?
>>>> Since the old ports are still using MD5, I mean...
>>>
>>> Less important than nagging about ports still using md5 at this point would
>>> be to nag about ports only using a single checksum type for a distfile. :/
>>> In such a nag, it could be recommended to use sha1 and rmd160.
>>
>> Or just one sha256, but yeah that is what I meant.
>>
>> It would be more useful to add the download size,
>> than to use two separate 160-bit checksum lines ?
>>
>
> (obscure aside)
> I used to believe that the combination of a size+digest
> "no tampering" check was sufficiently stronger than using
> more bits in the digest, or adding a second (and longer) digest.
>
> Turns out that there are many MD5 exploits that do not change
> file size.
>
> But without an explicit "threat model" for downloads, it's difficult
> to discuss whether 2 digests is "better" than everything SHA* or
> digest+size as a policy rule for downloading.
>
> In reality the digest is more of an integrity than a security check (imho)
> for downloaders, and even CRC would be gud enuf for integrity (but not
> security) checks.

That's pretty much all that MD5 does now, offer a CRC...

Just saying that instead of using both sha1 and rmd160,
one could use sha256 and size instead. Like Ports does ?

i.e. replace md5 with size, and sha1+rmd160 with sha256

--anders
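
The size+sha256 policy discussed in this thread, as an added example that is not part of the original messages and is not MacPorts code. It shows what each field actually catches: the size check rejects truncated or padded downloads, while a same-size modification is caught by the digest alone. The function names and the sample distfile bytes are constructed for illustration.

```python
import hashlib
import hmac
import io


def verify_distfile(stream, expected_size, expected_sha256, chunk=65536):
    """Check a download against a size + sha256 pair; return (ok, reason)."""
    digest = hashlib.sha256()
    seen = 0
    while True:
        block = stream.read(chunk)
        if not block:
            break
        seen += len(block)
        if seen > expected_size:
            # Oversized input: stop reading instead of hashing unbounded data.
            return False, "size"
        digest.update(block)
    if seen != expected_size:
        # Short read, e.g. an interrupted or truncated download.
        return False, "size"
    if not hmac.compare_digest(digest.hexdigest(), expected_sha256.lower()):
        # Same length, different bytes: only the digest can see this.
        return False, "sha256"
    return True, "ok"


def demo():
    """Run the check over constructed sample data (not a real distfile)."""
    original = b"constructed distfile contents\n" * 100
    size = len(original)
    sha256 = hashlib.sha256(original).hexdigest()
    cases = {
        "original": original,
        "truncated": original[:-10],
        "padded": original + b"extra",
        "same_size_modified": b"X" + original[1:],
    }
    return {
        name: verify_distfile(io.BytesIO(data), size, sha256)
        for name, data in cases.items()
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```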
