apt-sha256
⇤ ← Revision 1 as of 2006-11-27 10:03:00
1337
Comment:
|
1432
|
Deletions are marked like this. | Additions are marked like this. |
Line 6: | Line 6: |
* '''Launchpad entry''': none yet * '''Packages affected''': |
* '''Launchpad entry''': https://blueprints.launchpad.net/distros/ubuntu/+spec/apt-sha256 * '''Packages affected''': apt * '''Contributors''': MichaelVogt |
Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.
Launchpad entry: https://blueprints.launchpad.net/distros/ubuntu/+spec/apt-sha256
Packages affected: apt
Contributors: MichaelVogt
Summary
The current hash method in apt to do authentication checking is md5. To improve security we want to switch this to sha256.
Rationale
MD5 has serveral flaws that makes it not the best option to base our authentication on. SHA256 is a much stronger authentication hash algorithm.
Scope
APT needs to be modified to support sha256 for all verifications. No changes to the frontends are required.
Design
The changes in apt should be done in a way that makes future changes to the used algorithm a lot easier than it is currently.
Some files lag a tag what hash algorithm is used (e.g. the "Files" tag in a .dsc file). A new tag "Files-SHA256" is added there.
Implementation
The code in apt-pkg/acquire-item.cc should be changed so that the class Hashes from apt-pkg/contrib/hashes.h is reused.
Code
Some initial work has been done in http://people.ubuntu.com/~mvo/bzr/apt/sha256/
apt-sha256 (last edited 2008-08-06 16:19:41 by localhost)