[Cryptography] let's kill md5sum!
Ray Dillinger
bear at sonic.net
Sat Jun 13 15:52:40 EDT 2015
On 06/06/2015 12:48 PM, Alexandre Anzala-Yamajako wrote:
> Just a thought...
> If we re going to kill of md5sum and break user's habits and scripts we
> might as well do it once and for all.
> Why not build a tool called hashsum whose options are md5 sha2 sha3 and
> blake2 ? This tool could be transparently updated wo breaking compatibility
> in the future and the man page would explain the rationale for each option
> (md5 would be indicated as deprecated but there for verifying old file
> hashes for example)
But the problem with 'hiding' the hash algorithm behind a toool
named hashsum is that if the algorithm behind it ever changes,
then a bunch of big userland software archives, repositories,
filesharing systems, and databases will immediately break.
Breaking existing userland stuff isn't something you can fix
by hiding the change behind a generic name suitable for scripts
etc. Any change means that all the existing checksums are no
longer good, and all the data in those vital applications is
suddenly useless.
What's needed is a way for migration of userland applications
from one hashing algorithm to another to happen. That means
additional functionality has to be added to all that database,
archive, and repository software: It needs to be able to take
a one-time command to replace (all and _only_ the correct)
checksums of the current algorithm, with checksums that are
correct according to the new algorithm.
And executing that command? On large databases, trying to do
that all at once could take DAYS of downtime they don't have
to spend. So this is non-trivial, because it needs to happen
as a background process and the software has to be able to
keep track of what's changed and what's not so it knows how
to check which checksums.
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150613/e80c8ab1/attachment.sig>
More information about the cryptography
mailing list