Currently, the signatures offered are:
-SHA-256 GPG-signed..
-SHA-1 sums.
There are two main issues I take with this (and one minor annoyance), and do
hope you consider them (along with several recommended solutions).
1.) SHA-1 is broken[0]. If checksums are to be used, the SHA-2 suite (SHA256,
SHA384(uncommon), SHA512(recommended)) is recommended as an alternative. While
the hash itself *is* signed as SHA256 (via GPG), it is still a SHA-1 sum.
2.) However, and my preferred solution: why is a hash being GPG-signed? This
requires one to go through several steps simply to confirm the integrity.
3.) All of the signatures must be downloaded separately.
SOLUTION PROPOSAL:
1.) (preferred) Instead of generating a checksum and then signing that checksum
separately, simply use:
gpg --personal-digest-preferences SHA512 --output <some-release>.iso.sig
--detach-sign <some-release>.iso
This creates a standalone (or "detached") GPG signature (the default is to
include the data when performing a signature), using SHA-512. It then allows
users to perform a quick and simple "gpg --verify" (which requires no private
key to be generated, only that the GPG public key installed in the local
keyring- which would be necessary to confirm the present method of checksums
anyways).
2.) A list of SHA-512 sums for ALL ISO/netboot/etc. images distributed, and then
that list is GPG-signed. This allows use of sha512sum -c in a scriptable manner
(one would only need to fetch the sig, strip out the GPG header/footer, and run
the check against that list).
3.) Use the present signing method, but use SHA-512 instead of SHA-1
I do hope this is considered for review. Thank you for your time, and all the
effort you put into grml.
[0] https://www.schneier.com/blog/archives/2005/02/sha1_broken.html
|
BTS