On Thu, 2020-01-23 at 01:36 +0000, Filipe Laíns wrote: > On Thu, 2020-01-23 at 02:25 +0100, Artur Juraszek wrote: > > Hi all, > > > > While poking through Arch's package system, I noticed that despite its > > bad reputation, MD5 remains a default, and even some kind of a > > "recommendation", due > > to its presence in the example PKBUILDs, hashing algorithm for file > > integrity verification. > > > > Is there a reason to not have it changed to a more future-proof one? I > > mean, at least for now, > > it seems good enough to protect before a so-called "2nd preimage attack", > > which is the primary > > concern in the classic file verification scenario, BUT: > > > > a) given the huge size of AUR and its rather chaotic nature, it is not that > > hard to imagine > > _a_ malicious upstream which could try to sneak some nasty changes in its > > own files, > > with AUR maintainer not noticing anything - leveraging flaws which do exist > > and are quite > > well-explored even today. > > > > b) it's already shown its weaknesses and it is not going to be any better - > > the only research direction > > is to found more (practical) attacks against MD5, so faster the change, > > fewer the people possibly > > affected in the future > > > > Attaching a patch which, I think, replaces MD5 with SHA256 as a default > > completely - it's my first > > change in ABS-related code, though, so please do not hesitate to criticize > > if something's wrong ;] > > > > -- > > Artur Juraszek > > I think we should change it to sha512 instead. sha256 and sha512 are > pretty similar but sha512 is faster on 64-bit machine. Since 64-bit is > the new standard for high-power computing, and the only architecture we > support, it would be more beneficial to chose sha512. > > A quick benchmark on my machine confirms this: > > $ dd if=/dev/zero of=example.img bs=4096 count=512000 > 512000+0 records in > 512000+0 records out > 2097152000 bytes (2.1 GB, 2.0 GiB) copied, 2.77283 s, 756 MB/s > > $ time sha256sum example.img > 274fbb979251bcaceab594dd89d5adfec310e8851e320b5b5f90fd5f18d76149 examp > le.img > real 4.79 > user 4.47 > sys 0.30 > > $ time sha512sum example.img > 241497cb61e24fcdaf33a13f5635951ff7c21cb27904e6f3de7b221031b0216800cbce1 > a667a66aafbdb7ffbfe2a39564b4cb48efea1d3721093fa7663e7a8c9 example.img > real 3.33 > user 3.09 > sys 0.21 > > sha512 is ~1.5s than sha256 when calculating the checksum of a 2GiB ^ *faster > zero-ed file. > > Thank you, > Filipe Laíns
signature.asc
Description: This is a digitally signed message part