On 16/03/2021 16.54, Julien Palard wrote:
> On 2021-03-16 at 15:52, Christian Heimes wrote:
>> could you please explain your use case? Which problem are you trying to solve? How would a sha256 checksum help you solve that problem?
> No, I'm just forwarding the surprise of a user seen on a random social network (I'm monitoring the python hashtag on Mastodon these days).
The MD5 fingerprint is really just a checksum to detect download issues. Any checksum would do the trick, even CRC-32. We could (and should) replace the MD5 fingerprint with SHA-256 or SHA-512 [1].
In our case SHA-256 checksums don't provide any real benefit over MD5. Security and data integrity are provided by TLS / HTTPS and optionally by GPG signatures. The Python source code and checksums are provided by the same server. If an attacker is able to modify the tarball, then it's likely they can replace the checksum information, too.
tl;dr If you want to check for partial / bad downloads, then MD5 is still OK. If you want to check for compromised files, then simple SHA-256 checksums provide no extra security. GPG signatures are problematic because GPG is awful. Sigstore [2] might become an alternative in the future.
Christian
[1] On modern hardware SHA-512 is up to 50% faster than SHA-256.
[2] https://sigstore.dev/
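
An added example, not part of the original message: it runs the two cases the reply distinguishes (a bad download versus a file and checksum replaced together on the same server) across CRC-32, MD5, SHA-256 and SHA-512. All function names and sample data are constructed for illustration, and the pinned digest is an assumption standing in for a trust anchor obtained over an independent channel, such as the signatures mentioned above.

```python
import hashlib
import zlib

def digest(data: bytes, algo: str) -> str:
    """Hex digest of data; 'crc32' is handled via zlib, the rest via hashlib."""
    if algo == "crc32":
        return f"{zlib.crc32(data):08x}"
    return hashlib.new(algo, data).hexdigest()

def publish(tarball: bytes, algo: str) -> dict:
    """Constructed stand-in for a server hosting a file and its checksum together."""
    return {"tarball": tarball, "checksum": digest(tarball, algo), "algo": algo}

def verify_same_server(downloaded: bytes, server: dict) -> bool:
    """Compare the download against the checksum served next to it."""
    return digest(downloaded, server["algo"]) == server["checksum"]

def verify_pinned(downloaded: bytes, pinned_sha256: str) -> bool:
    """Compare against a digest obtained over an independent, trusted channel."""
    return hashlib.sha256(downloaded).hexdigest() == pinned_sha256

def run_scenarios() -> dict:
    original = b"constructed sample tarball contents " * 1000
    tampered = original.replace(b"sample", b"edited", 1)
    pinned = hashlib.sha256(original).hexdigest()  # assumption: fetched out of band
    results = {}
    for algo in ("crc32", "md5", "sha256", "sha512"):
        server = publish(original, algo)
        results[algo] = {
            "intact": verify_same_server(original, server),
            # A partial download fails the check under every algorithm.
            "truncated": verify_same_server(original[:-100], server),
            # Whoever can replace the file can replace the checksum beside it,
            # so the check passes no matter how strong the hash is.
            "replaced_both": verify_same_server(tampered, publish(tampered, algo)),
        }
    # Only a reference the server does not control rejects the altered file.
    results["pinned_vs_tampered"] = verify_pinned(tampered, pinned)
    return results

if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```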