Mail archive
alpine-devel

Re: [alpine-devel] Upgrading package signatures from SHA1 to SHA2 digest.

From: Alba Pompeo <albapompeo_at_gmail.com>
Date: Thu, 8 Mar 2018 18:49:34 -0300

I suggest BLAKE2b.

https://monocypher.org/manual/crypto_blake2b.html#DESCRIPTION

Faster than MD5, as secure as SHA3.

On Thursday, March 8, 2018, Timo Teras <timo.teras_at_iki.fi> wrote:
> Hi
>
> On Wed, 7 Mar 2018 18:28:49 -0500
> Ferris Ellis <ferris_at_ferrisellis.com> wrote:
>
>> I was looking into using a crypto-service to do Apline package build
>> signatures (as opposed to using a key on disk) and in doing so
>> stumbled across the fact that Alpine package signatures currently use
>> SHA1 digests. After a quick search on https://lists.alpinelinux.org I
>> didn’t see any prior discussions related to this fact and thus am
>> posting this to the mailing list.
>>
>> I wanted to start a dialog about the possibility of moving to using
>> SHA2 digests (I would presume SHA256 would be the preferred option)
>> for signatures as SHA1 is deemed insecure by many and is being phased
>> out for most usage of PKI. This includes my use case, where the
>> crypto-service I have deliberately no longer offers signatures with
>> SHA1 digests and instead offers standard SHA2 digests.
>>
>> If the community is interested I’m happy to submit a more formal RFC
>> on this. But, as I’m relatively new to the mailing list, I figured it
>> was best to start with just a dialog!
>
> I have been working to update .apk and index formats to binary. I was
> hoping to do the hash algorithm change there. While I do have the
> design ready, and some code too, it's taking a bit more than expected.
>
> I am willing to accept backwards compatible patches at this point even
> for the current formats. The signatures could be pretty easily updated.
> Just add a new prefix type to identify the signatures as rsa-sha256 or
> similar.
>
> However, sign only the control.tar.gz part of apk. That in turn
> contains hash for the control.tar.gz part containing the package
> metadata. Changing this 'identity hash' from sha1 to sha256 would be
> more intrusive. Same applies to the individual file checksums kept in
> the file database for audit purposes. However, control.tar.gz does have
> stronger hash (sha256) for data.tar.gz which contains the actual file
> data content.
>
> Timo
>
>
> ---
> Unsubscribe: alpine-devel+unsubscribe_at_lists.alpinelinux.org
> Help: alpine-devel+help_at_lists.alpinelinux.org
> ---
>
>



---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Thu Mar 08 2018 - 18:49:34 GMT