SHA1 (and other weak hashes) no longer trusted... for what?

In light of the Strong Crypto Settings 3 proposed change, I realized I wasn’t clear on what exactly SHA1 would no longer be trusted for. Just authentication? Or systemwide?

I ask because, AFAIK, dnf is still using md5 (!) to verify deltarpm payloads.

An argument can be made that it’s fine, because it’s just a checksum and there’s no sensitive data in the package contents that needs to be kept secure. I get that.

But at the same time, using a more robust hash couldn’t hurt, and would reduce the (already extremely low, admittedly) possibility of collisions.

Should we worry about any remaining uses of MD5 / SHA1 for non-authentication purposes?

I feel that when a particular algorithm is deprecated or no longer to be trusted then all the tools using that algorithm should be updated as quickly as possible.

Dnf for example could be updated with a new release and thus all the packages in the repo for that release could have the updated signatures to avoid a sudden spate of incompatible signatures/keys. A tool such as dnf could even be managed for one release cycle to accept both the older md5/sha1 keys as well as the newer & better keys to improve the transition.

I do not believe that saying it is ok to continue using the older weaker keys is good, because who knows when someone might manage to slip something nefarious past.
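As an added example (not code from this thread or from dnf), here is a payload digest check in the spirit of the one-release-cycle transition the reply describes: a content mismatch always fails, while MD5/SHA-1 digests pass only under an explicit "transition" policy and are refused under "strict". The policy names, the `verify_payload` helper and the sample payload are constructed for illustration.

```python
import hashlib
import hmac
from typing import Literal, Tuple

# Digests a strong-crypto policy would treat as unfit even for integrity checks.
WEAK_DIGESTS = {"md5", "sha1"}

Policy = Literal["strict", "transition"]


def verify_payload(payload: bytes, algo: str, expected_hex: str,
                   policy: Policy = "strict") -> Tuple[bool, str]:
    """Check payload bytes against a declared digest (e.g. from deltarpm metadata).

    Returns (accepted, reason). A wrong digest is always rejected; a weak
    algorithm is rejected under "strict" and accepted with a deprecation
    reason under "transition", so callers can log and migrate metadata.
    """
    algo = algo.lower()
    if algo not in hashlib.algorithms_available:
        return False, f"unknown digest algorithm {algo!r}"
    actual = hashlib.new(algo, payload).hexdigest()
    # Constant-time comparison; the mismatch branch comes first so content
    # corruption is caught regardless of policy.
    if not hmac.compare_digest(actual, expected_hex.lower()):
        return False, f"{algo} digest mismatch"
    if algo in WEAK_DIGESTS:
        if policy == "strict":
            return False, f"{algo} is not permitted for integrity checks"
        return True, f"accepted via deprecated {algo}; metadata should move to sha256"
    return True, f"{algo} digest verified"


# Constructed sample payload and its digests, standing in for a deltarpm.
SAMPLE_PAYLOAD = b"constructed deltarpm payload bytes"
SAMPLE_MD5 = hashlib.md5(SAMPLE_PAYLOAD).hexdigest()
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_PAYLOAD).hexdigest()

if __name__ == "__main__":
    cases = [
        ("md5", SAMPLE_MD5, "strict"),          # refused: weak algorithm
        ("md5", SAMPLE_MD5, "transition"),      # accepted with deprecation reason
        ("sha256", SAMPLE_SHA256, "strict"),    # accepted
    ]
    for algo, digest, policy in cases:
        print(algo, policy, verify_payload(SAMPLE_PAYLOAD, algo, digest, policy))
    # Corrupted content fails even under the lenient policy.
    print("tampered", verify_payload(SAMPLE_PAYLOAD + b"x", "md5", SAMPLE_MD5, "transition"))
```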
