On 7/3/12 9:48 AM, Donald Stufft wrote:
> On Tuesday, July 3, 2012 at 3:45 AM, Tarek Ziadé wrote:
>> Hashes in the RECORD file have nothing to do with making sure the package originated from developer X. Their only purpose is to know if a file on the system was changed.
>
> Using sha256 would enable preventing someone from maliciously changing the file.

If someone has access to that file, it means that he can also change the RECORD file, so you have no way of trusting RECORD either.

> Similar to how IDS systems capture hashes of binaries to compare against. Of course someone using the system like this would need to protect the filesystem storing the RECORD files accordingly.

I think that's the main issue - where are you going to put the RECORD file?

> I also think that switching to sha256 is pretty low cost with minimal (no?) downsides, with some possible upsides. Is there a reason to stay with md5?

The file is two times smaller and faster to create, and md5 does its job at providing a hash for a file. I still fail to see a use case for stronger hashes.

Cheers
Tarek
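As an added example (not code from the thread or from distutils/pip), a small checker for a PEP 376-style RECORD file that shows both points made above: a hash in RECORD, whether md5 or sha256, catches a modified file, and regenerating RECORD after the modification makes the check pass again, which is why RECORD must live somewhere the modifier cannot write. The `<algorithm>=<urlsafe base64 digest>` encoding follows what pip writes in RECORD; the file names and contents are constructed.

```python
import base64
import csv
import hashlib
import io
import tempfile
from pathlib import Path

def file_digest(path, algorithm):
    # Chunked digest, urlsafe base64 without padding, the encoding pip uses in RECORD.
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return base64.urlsafe_b64encode(h.digest()).rstrip(b"=").decode("ascii")

def build_record(root, rel_paths, algorithm="sha256"):
    # One "path,<algorithm>=<digest>,size" row per installed file.
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for rel in rel_paths:
        full = Path(root, rel)
        writer.writerow([rel, f"{algorithm}={file_digest(full, algorithm)}", full.stat().st_size])
    return out.getvalue()

def verify_record(root, record_text):
    # Paths whose file is missing, has a different size, or has a different digest.
    bad = []
    for rel, hash_field, size in csv.reader(record_text.splitlines()):
        if not hash_field:  # the RECORD row itself carries no hash
            continue
        full = Path(root, rel)
        algorithm, expected = hash_field.split("=", 1)
        if (not full.is_file() or full.stat().st_size != int(size)
                or file_digest(full, algorithm) != expected):
            bad.append(rel)
    return bad

def tamper_demo(algorithm="sha256"):
    # Constructed scenario: install one file, snapshot RECORD, then modify the file.
    with tempfile.TemporaryDirectory() as root:
        module = Path(root, "module.py")
        module.write_text("VALUE = 1\n")
        trusted_record = build_record(root, ["module.py"], algorithm)
        module.write_text("VALUE = 2\n")  # same size, so only the digest changes
        detected = verify_record(root, trusted_record)  # RECORD kept out of reach
        rewritten = build_record(root, ["module.py"], algorithm)  # RECORD rewritten as well
        undetected = verify_record(root, rewritten)
        return detected, undetected
```

`tamper_demo()` returns `(["module.py"], [])` for md5 and sha256 alike: the algorithm decides collision resistance, not whether a rewritten RECORD can be trusted.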