asked 2018-03-07 23:54:37 +0300
As mentioned in this question, SHA1 has been obsoleted/cracked in early 2017.
Still, the checksums (e.g. qtcreator) used for the SDK downloads are SH1.
Doesn't this introduce a security risk, since the hashes could potentially be reproduced despite of having modified the packages?
answered 2018-03-08 10:26:43 +0300
It depends on what you want to achieve with a checksum.
SHA1 should not be used for stuff which should be cryptographically secure, but its perfectly okay if you only want to make sure that the file you've downloaded didn't got corrupted somehow (e.g. if you carry it around on an unreliable thumb drive with a file system which allows data corruption).
Just read https://en.wikipedia.org/wiki/SHA-1#Applications.
If you download the stuff using TLS (https) you should be fine since it guarantees you that the data you've got really originates from this server. Assuming that only the Sailfish team has full control over their server you can be sure that nobody tampered with the files...
Thanks for clarifying. I was under the impression that using SHA1 was gernerally a bad practise by now. Also since Ubuntu and other big open source projects use different algorithms.
Now, correct me if this is wrong but:
If the SDK files were corrupted on a faulty (USB) drive, would'nt that be noticable even without checkfiles? Then it would not be possible to compile or even install them?
I thought the checksums were there to validate both that the download went correctly and nothing was tampered with. Not so much the file storage.
SHA-1 is made for design: https://sha2017.org/blog/sha-1-i-m-made-for-decoration
leszek ( 2018-03-08 15:33:32 +0300 )edit@rozgwi: May or may not be noticeable. It's possible that everything looks like it went fine, but your compiled applications crash with "invalid opcode" because your compiler is damaged.
A solution could be to check the checksums, SHA1 or even MD5 is enough for this task.
If you download a file and want to be sure that nobody tampered with it, use cryptographically secure checksums like sha256 or sha512 which you obtain over a secure channel (otherwise the attacker could fake it too)
takimata ( 2018-03-09 17:46:15 +0300 )edit@takimata: I see, corrupted files could go unnoticed but break the build. Thanks for explaining!
@Aldrog: True. But have a look at this question: There seems to be no SSL connection at all so the checksums could theoretically be changed in mid-transfer.
rozgwi ( 2018-03-18 23:39:50 +0300 )editAsked: 2018-03-07 23:54:37 +0300
Seen: 296 times
Last updated: Mar 08 '18
You are completely nuts, you know? :)
There has been just one sha1 collision found, and searching for it reqiuired an incredible amoint of cmputing power for a long time...
Pronouncing sha1 dead is absurd. Go back and do your homework properly.
juiceme ( 2018-03-08 10:02:45 +0300 )editWell yes, I am a bit nuts. But that's a completely different matter :-P
rozgwi ( 2018-03-08 14:42:10 +0300 )editIf the question sounded too alarming or was exaggerating, I apologize.
But apparently SHA1 is deemed dead by quite a few people. At least when it comes to encryption. So not that absurd after all.
Anyways using sha256sums would not hurt.
leszek ( 2018-03-08 15:22:28 +0300 )edithehe, could be I came out a bit there :)
however it remains so that there is no actual fault in sha1, it just is vulnefable to brute force attack, weighted heavily on the word brute. (and what current crypto isn't, please tell me...)
I have some applications that use authentication tokens in the form of sha1sums and I remain confident that nobody is going to crackdown on that in any near future... :)
juiceme ( 2018-03-08 15:24:50 +0300 )edit