It's time to drop MD5 from the distinfo checksums. MD5 cannot guarantee the integrity of a distfile. It is broken, people are finding collisions and have used this for practical attacks.

Espie has previously suggested that having several different hash functions might improve overall security. In this paper, http://www.iacr.org/cryptodb/archive/2004/CRYPTO/1472/1472.pdf Antoine Joux argues otherwise. The concatenation of two iterated hash functions is not stronger than its strongest component.

This doesn't mean that we have to remove all MD5 lines right away, but I suggest we stop generating MD5 checksums. As ports are updated, the MD5 lines will slowly fade away. At some time in the future we can then clean up the rest.

Also note that by default only the SHA-256 checksum is verified anyway. (I don't know if anybody else ever checks the others. I do about once per release cycle.)

Index: bsd.port.mk =================================================================== RCS file: /cvs/ports/infrastructure/mk/bsd.port.mk,v retrieving revision 1.1180 diff -u -p -r1.1180 bsd.port.mk --- bsd.port.mk 20 Jun 2012 13:26:17 -0000 1.1180 +++ bsd.port.mk 7 Jul 2012 19:49:40 -0000 @@ -597,7 +597,7 @@ GMAKE ?= gmake CHECKSUM_FILE ?= ${.CURDIR}/distinfo # Don't touch !!! Used for generating checksums. -_CIPHERS = sha256 sha1 rmd160 md5 +_CIPHERS = sha256 sha1 rmd160 # This is the one you can override PREFERRED_CIPHERS ?= ${_CIPHERS}

--
Christian "naddy" Weisgerber [email protected]
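
Review bot: On the `_CIPHERS` line, dropping `md5` also changes the default of `PREFERRED_CIPHERS ?= ${_CIPHERS}` two lines below, and the hunk does not show what happens to a name that is no longer in `_CIPHERS`. Two cases are worth confirming before commit: a local override that still sets `PREFERRED_CIPHERS` to include `md5` should produce a clear error rather than leave a distfile unverified, and a distinfo that still carries MD5 lines (which the message expects to linger until each port is updated) should keep verifying cleanly against the remaining hashes. The existing comment only says "Don't touch", so a short note beside `_CIPHERS` that MD5 was removed on purpose would keep it from being re-added later.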
