Securely downloading Ubuntu

Neal McBurnett neal at bcn.boulder.co.us
Mon Jan 28 17:39:03 GMT 2008


On Mon, Jan 28, 2008 at 05:20:52PM +0000, Matt Zimmerman wrote:
> On Mon, Jan 28, 2008 at 09:28:48AM -0700, Neal McBurnett wrote:
> > > (I'm all in favor of moving to SHA256 or whatever is considered best
> > > practice these days. I've just not heard that MD5 is really as broken as
> > > I think Chris suggests here.)
> > 
> > One easy thing to do is to also publish sha256 sums of the CD
> > images, so if MD5 preimage attacks are developed, that would help.
> > 
> > I think we should do that now, and consider a hash function in a
> > different class also (whirlpool?).
> > 
> > Shipping more hash functions in the base install would help a lot in a
> > crisis, so users have what they need to validate software updates.
> > I guess coreutils has the md5 and sha families well covered, but
> > again, something different like whirlpool could help a lot some day.
> 
> Perhaps we should publish detached signatures for each ISO rather than
> signing MD5SUMS?

From what I've heard, the main principle for dealing with hash issues
is "algorithm agility" - i.e. making it easy for folks to use multiple
algorithms.

Publishing detached signatures is a way to make the user interface
easier (perhaps) for folks that want to validate the gpg signature.
But I would think many (especially those without a good way to trust
the gpg key, as noted previously) would want to just be able to
validate hashes.

I would still argue for the use of multiple hash algorithms, and I
guess for gpg that means multiple detached signatures, one per hash
algorithm.  And some are not supported by all versions of gpg....

I'd suggest we publish a "CHECKSUMS" file with a good assortment of
hashes in text format, and also sign that.

Neal McBurnett                 http://mcburnett.org/neal/



More information about the Ubuntu-devel-discuss mailing list