Feature #7031

Don't depend on a single hash algorithm for incremental upgrades

Added by intrigeri over 5 years ago.

Status: Confirmed
Priority: Low
Assignee: -
Category: -
Target version: -
Start date: 04/06/2014
Due date:
% Done: 0%
Feature Branch:
Type of work: Code
Blueprint:
Starter: No
Affected tool: Upgrader

Description

Currently, our update-description files contain exactly one hashsum for every target file. If the algorithm we use has flaws, then we have problems. The approach APT uses is that instead, the package lists contain hashsums computed with different algorithms, for every file whose integrity/authenticity needs to be verified. We should probably do the same.

The most important thing to start with is probably to extend the IUK code, to make it able to verify an arbitrary number of hashsums. Note that the upgrade-description file format already supports shipping multiple hashsums.

Then, we can research the exact list of hashing algos we should use, probably starting with the same list as Debian (iirc: MD5, SHA-1, and a SHA-2 or two). It might make sense to add SHA-3 and the latest djb's algorithm to the mix.
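As an added illustration of the verification logic the two paragraphs above ask for (not code from Tails or the IUK upgrader), the following Python checks one target file against an arbitrary number of hashsums, in the spirit of APT's multi-hash package lists. It assumes the expected hashsums arrive as a plain mapping from hashlib algorithm name to hex digest (a constructed shape, not the real upgrade-description format), and it adds a policy knob the text does not spell out: every listed hashsum must match, and by default at least one must come from a currently-strong algorithm, so that a description carrying only MD5 or SHA-1 is rejected. The strong-algorithm set, the file name and the payload bytes are all constructed for the example.

```python
import hashlib
import os
import tempfile

# Constructed policy: a description file must carry at least one digest from
# this set before a match is accepted. Adjust as algorithms age.
STRONG_ALGORITHMS = {"sha256", "sha384", "sha512", "sha3_256", "sha3_512", "blake2b"}


class VerificationError(Exception):
    """Raised when a target file cannot be accepted."""


def _digest_chunks(chunks, algorithms):
    """Feed every chunk to one hasher per algorithm; single pass over the data."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_bytes(data, algorithms):
    return _digest_chunks([data], algorithms)


def compute_digests(path, algorithms, chunk_size=1 << 20):
    """Hash a file once with every requested algorithm (large files stay streamed)."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return _digest_chunks(chunks(), algorithms)


def verify_file(path, expected, require_strong=True):
    """Accept the file only if *every* listed hashsum matches.

    expected: mapping {algorithm_name: hex_digest}. Unknown algorithms are an
    error rather than silently skipped: a description we cannot fully check
    should not be trusted.
    """
    if not expected:
        raise VerificationError("no hashsums listed for target file")
    unknown = sorted(n for n in expected if n not in hashlib.algorithms_available)
    if unknown:
        raise VerificationError(f"unsupported hash algorithm(s): {unknown}")
    if require_strong and not (set(expected) & STRONG_ALGORITHMS):
        raise VerificationError("no hashsum from a currently-strong algorithm")
    actual = compute_digests(path, list(expected))
    mismatched = sorted(n for n in expected if actual[n] != expected[n].lower())
    if mismatched:
        raise VerificationError(f"hashsum mismatch for: {mismatched}")
    return True


def demo():
    """Exercise the policy on a constructed payload; returns the outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "target.squashfs")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(b"constructed IUK payload bytes\n")  # constructed content
        good = compute_digests(path, ["md5", "sha1", "sha256", "sha3_256"])
        results["all_match"] = verify_file(path, good)

        tampered = dict(good)
        tampered["sha1"] = "0" * 40  # one bad digest among several good ones
        try:
            verify_file(path, tampered)
            results["tampered"] = "accepted"
        except VerificationError:
            results["tampered"] = "rejected"

        weak_only = {"md5": good["md5"]}
        try:
            verify_file(path, weak_only)
            results["weak_only"] = "accepted"
        except VerificationError:
            results["weak_only"] = "rejected"
        results["weak_only_when_allowed"] = verify_file(path, weak_only, require_strong=False)
    return results


if __name__ == "__main__":
    print(demo())
```

The design point is that a second algorithm only helps if a mismatch in any one of them is fatal; treating the list as "accept if any digest matches" would let the weakest algorithm decide, which is the situation the ticket wants to leave.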
