Stop using MD5 checksum for hashing releases #4672
Comments
related #3574
It is only used to allow us to distinguish releases, not to reference content, and it is taken directly from the repo. If an attacker were somehow to compromise our repo's push access without us noticing, then their ability to magically crack MD5 to allow them to insert hacked code in there with the same git commit hash would be unnecessary anyway: push access would already have compromised our binaries.
The issue is concerning MD5 file hashes that we publish with github release notes, not git commits. Git commits are SHA1 btw.
I've opened this issue forwarding the concern of a reddit user:
While I'm tempted to also write that the issue is that (afaik) Windows utilities do not provide native support for sha256sum, and this could lead users to stop checking checksums at all. Best would be signed and verified builds as described in #3574.
This issue is labelled with security, but has neither an assignee nor a deadline. Please assign this issue to someone at @paritytech/ci, attach a milestone and comment on the progress within 7 days, or close as stale otherwise.
@arkpar You are getting both the MD5 hash and the file from GitHub over HTTPS. If someone had the ability to compromise one, they could compromise the other. This means that if an attacker has the ability to change the file, they could simply also change the hash to match the new file. There is not an attack vector where the attacker has the ability to change the file without also having the ability to change the hash.
What's involved for switching to sha256sum? Before we leave this ticket open for another three months, I'd rather add the checksums manually for now.
Switched to sha256. https://github.com/paritytech/parity/releases/tag/v1.7.1
@5chdn That link took me to a verified and sha256 checksummed release earlier today, but now it isn't and 1.7.0 is showing as latest. Was the release pulled?
Yes, it was pulled. Stay tuned. But I will ensure there will be sha256sums for future releases.
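The switch discussed above, as an added example that is not the parity project's own release tooling: a maintainer-side script that writes a `SHA256SUMS` manifest with `sha256sum` (replacing the MD5 list) and a user-side check with `sha256sum --check --strict` that fails when an artifact has been altered. The release directory, file names and file contents are constructed sample values; the `1.7.1` version string is taken from the thread.

```bash
#!/usr/bin/env bash
# Added example (not parity's own code): generate and verify a SHA256SUMS
# manifest for release artifacts, the sha256sum workflow proposed in this issue.
set -eu

# Build a scratch "release" directory with constructed sample artifacts.
# The file names mimic release assets; the contents are placeholder text.
make_release_dir() {
    local dir
    dir="$(mktemp -d)"
    printf 'constructed sample: linux deb\n'  > "$dir/parity_1.7.1_amd64.deb"
    printf 'constructed sample: macos zip\n'  > "$dir/parity_1.7.1_macos.zip"
    printf 'constructed sample: windows exe\n' > "$dir/parity_1.7.1_windows.exe"
    printf '%s' "$dir"
}

# Maintainer side: write SHA256SUMS next to the artifacts. Each line is
# "<hex digest>  <filename>", the format sha256sum --check expects.
write_manifest() {
    local dir="$1"
    ( cd "$dir" && sha256sum parity_1.7.1_* > SHA256SUMS )
}

# User side: verify every file listed in the manifest.
# Returns 0 only if all digests match. --strict turns a malformed manifest
# line into a failure instead of a warning, so a truncated manifest cannot
# silently pass.
verify_manifest() {
    local dir="$1"
    ( cd "$dir" && sha256sum --check --strict SHA256SUMS >/dev/null 2>&1 )
}

# Simulate a corrupted or substituted download by appending to one artifact,
# then report whether the manifest check catches it. Returns 0 if detected.
tamper_is_detected() {
    local dir="$1"
    printf 'extra bytes\n' >> "$dir/parity_1.7.1_amd64.deb"
    if verify_manifest "$dir"; then
        return 1   # modified file slipped through: not detected
    fi
    return 0       # verification failed as it should
}

# Stand-alone demonstration when the script is run directly.
demo() {
    local dir
    dir="$(make_release_dir)"
    write_manifest "$dir"
    echo "manifest written to $dir/SHA256SUMS:"
    cat "$dir/SHA256SUMS"
    if verify_manifest "$dir"; then
        echo "clean release: verification passed"
    fi
    if tamper_is_detected "$dir"; then
        echo "modified artifact: verification failed (expected)"
    fi
    rm -rf "$dir"
}

if [ "${BASH_SOURCE[0]:-}" = "${0:-}" ]; then
    demo
fi
```

On Windows, which the thread notes has no `sha256sum`, the same digest can be produced with PowerShell's `Get-FileHash -Algorithm SHA256 <file>` or `certutil -hashfile <file> SHA256` and compared by eye against the published line. As @tomusdrw points out above, a manifest served from the same GitHub release page over the same HTTPS channel only catches corruption and accidental mismatches; it does not protect against someone who can replace both the binary and the manifest, which is what the signed builds requested in #3574 address.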
The underlying MD5 algorithm is no longer deemed secure. Thus, while md5sum is well-suited for identifying known files in situations that are not security related, it should not be relied on if there is a chance that files have been purposefully and maliciously tampered with. In the latter case, the use of a newer hashing tool such as sha256sum is recommended.