On 7/3/12 9:48 AM, Donald Stufft wrote:
On Tuesday, July 3, 2012 at 3:45 AM, Tarek Ziadé wrote:

Hashes in the RECORD file have nothing to do with making sure the package
originated from developer X.
Their only purpose is to know if a file on the system was changed.

Using sha256 would enable preventing someone from maliciously changing the
file.

If someone has access to that file, it means that he can also change the RECORD file
so you have no way of trusting RECORD either.


Similar to how IDS systems capture hashes of binaries to compare against.
Of course someone using the system like this would need to protect the filesystem
storing the RECORD files accordingly.

I think that's the main issue - where are you going to put the RECORD file?


I also think that switching to sha256 is pretty low cost with minimal (no?) downsides
with some possible upsides. Is there a reason to stay with md5?

The file is two times smaller and faster to create, and md5 does its job at providing
a hash for a file. I still fail to see a use case for stronger hashes.


Cheers
Tarek
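The check the thread is arguing about, as an added example that is not part of the e-mail exchange and is not distutils or pip code: a small verifier for a PEP 376 style RECORD file (one CSV row per installed file: path, hash, size). It assumes the hash field is either a bare hex digest (the legacy md5 form) or `<algo>=<digest>` with a urlsafe-base64 digest without padding; the `digest_file`, `write_record`, `verify_record` and `demo` names are this example's own, and the "installed" files it hashes are constructed in a temporary directory.

```python
import base64
import csv
import hashlib
import os
import shutil
import tempfile

# Hypothetical RECORD verifier written for this thread; not distutils/pip code.
# Assumed RECORD layout: CSV rows of (relative path, hash, size). The hash is
# either a bare hex string (treated as legacy md5) or "<algo>=<urlsafe-b64-nopad>".


def digest_file(path, algo="sha256"):
    """Raw digest of a file's contents with any hashlib algorithm (md5, sha256, ...)."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.digest()


def encode_hash(raw, algo):
    """Format a raw digest as 'algo=urlsafe-base64' with the '=' padding stripped."""
    b64 = base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    return "%s=%s" % (algo, b64)


def parse_hash(field):
    """Return (algo, raw_digest); a bare hex string is taken to be a legacy md5 digest."""
    if "=" in field:
        algo, b64 = field.split("=", 1)
        return algo, base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    return "md5", bytes.fromhex(field)


def write_record(root, record_path, rel_paths, algo="sha256"):
    """Write a RECORD file covering rel_paths (relative to root) with the chosen algorithm."""
    with open(record_path, "w", newline="") as f:
        w = csv.writer(f)
        for rel in rel_paths:
            full = os.path.join(root, rel)
            w.writerow([rel, encode_hash(digest_file(full, algo), algo), os.path.getsize(full)])


def verify_record(root, record_path):
    """Compare every RECORD entry against the file on disk.

    Returns {path: "ok" | "modified" | "missing"}. Rows with an empty hash field
    (generated files such as .pyc) are only checked for existence.
    """
    results = {}
    with open(record_path, newline="") as f:
        for row in csv.reader(f):
            if not row:
                continue
            rel = row[0]
            hash_field = row[1] if len(row) > 1 else ""
            full = os.path.join(root, rel)
            if not os.path.exists(full):
                results[rel] = "missing"
            elif not hash_field:
                results[rel] = "ok"
            else:
                algo, expected = parse_hash(hash_field)
                results[rel] = "ok" if digest_file(full, algo) == expected else "modified"
    return results


def demo():
    """Constructed scenario: two installed files, a clean check, then one edited and one removed."""
    root = tempfile.mkdtemp()
    try:
        files = {"pkg/__init__.py": b"VERSION = '1.0'\n", "pkg/util.py": b"def f():\n    return 1\n"}
        for rel, body in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(body)
        record = os.path.join(root, "RECORD")
        write_record(root, record, sorted(files))
        before = verify_record(root, record)
        # Simulate a later change on disk: append to one file, delete the other.
        with open(os.path.join(root, "pkg/util.py"), "ab") as f:
            f.write(b"# edited after install\n")
        os.remove(os.path.join(root, "pkg/__init__.py"))
        after = verify_record(root, record)
        return before, after
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

Both md5 and sha256 make `verify_record` report the appended line as "modified"; the algorithm choice only matters if someone wants a second, differently-hashed file to collide. The example also makes Tarek's objection concrete: `verify_record` reads RECORD from the same tree it is checking, so whoever can edit `pkg/util.py` can rerun `write_record` too. The IDS-style use Donald describes only works when the reference RECORD (or a copy of it) lives somewhere the checked tree cannot write to.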