On 23/1/20 11:25 am, Artur Juraszek wrote: > Hi all, > > While poking through Arch's package system, I noticed that despite its > bad reputation, MD5 remains a default, and even some kind of a > "recommendation", due > to its presence in the example PKBUILDs, hashing algorithm for file integrity > verification. > > Is there a reason to not have it changed to a more future-proof one? I mean, > at least for now, > it seems good enough to protect before a so-called "2nd preimage attack", > which is the primary > concern in the classic file verification scenario, BUT: > > a) given the huge size of AUR and its rather chaotic nature, it is not that > hard to imagine > _a_ malicious upstream which could try to sneak some nasty changes in its own > files, > with AUR maintainer not noticing anything - leveraging flaws which do exist > and are quite > well-explored even today. > > b) it's already shown its weaknesses and it is not going to be any better - > the only research direction > is to found more (practical) attacks against MD5, so faster the change, fewer > the people possibly > affected in the future > > Attaching a patch which, I think, replaces MD5 with SHA256 as a default > completely - it's my first > change in ABS-related code, though, so please do not hesitate to criticize if > something's wrong ;] >
This change is not happening. Any checksum is insecure when added to a PKGBUILD using "makepkg -g", which is all the default value does. The person writing a PKGBUILD needs to use what is provided upstream (or even a PGP signature), in which case the default in makepkg does not make a difference. Allan