gpg signatures for release tarballs

Alexander Sotirov alex at sotirov.net
Tue Mar 4 22:25:20 EST 2008


On Mon, Mar 03, 2008 at 09:02:59PM +0100, Andreas Köhler wrote:
> As you can see the GnuCash 2.2.4 release announcement contained md5sums
> and was signed with my private gpg key.  I hope that is better than
> before.

This is certainly better than nothing, but the MD5 algorithm has been broken
and should not be used in the way you're using it. An MD5 collision attack can
be used to generate two tar.gz files with different contents and the same MD5
hash. Even if a user verifies your signature of the release announcement and
checks the MD5 signature, there is no guarantee that the file has not been
replaced with a malicious one.

See http://www.mathstat.dal.ca/~selinger/md5collision/ for more details.

Instead of signing the MD5 hashes, you should sign the tar.gz files with:

  gpg -b file.tar.gz

This will generate a new file called file.tar.gz.sig, which can be verified with:

  gpg --verify file.tar.gz.sig

Take care,
Alex
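
A stricter form of the verification step in the message above, as an added example that is not part of the original e-mail or of the GnuCash release process: it names the tarball and signature explicitly and accepts the result only if the signature comes from one pinned key and was not made with an MD5 digest. The function names and the EXPECTED_FPR value are assumptions (the fingerprint is a constructed placeholder).

```shell
#!/bin/sh
# Added example: verify a release tarball against its detached signature and
# require that the signature was made by one pinned key.
# EXPECTED_FPR is a constructed placeholder, not a real project key.
EXPECTED_FPR="${EXPECTED_FPR:-0123456789ABCDEF0123456789ABCDEF01234567}"

# Read "gpg --status-fd" lines on stdin. Succeed only if a VALIDSIG line
# names the pinned primary-key fingerprint and the signature digest is not
# MD5 (OpenPGP hash algorithm id 1).
check_status() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            # Field 12 is the primary key fingerprint; older gpg output
            # may stop at the signing key fingerprint in field 3.
            fpr = (NF >= 12) ? $12 : $3
            if ($10 == "1") next          # signature hashed the file with MD5
            if (toupper(fpr) == toupper(want)) ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# verify_release FILE [SIG]
# Passing both names stops gpg from guessing which file the signature covers.
verify_release() {
    file=$1
    sig=${2:-$1.sig}
    if [ ! -f "$file" ] || [ ! -f "$sig" ]; then
        echo "missing $file or $sig" >&2
        return 2
    fi
    # A non-zero gpg exit status (bad or missing signature) fails closed.
    status=$(gpg --batch --status-fd 1 --verify "$sig" "$file" 2>/dev/null) || return 1
    # gpg exits 0 for a good signature from ANY key in the keyring,
    # so the signer is checked separately against the pinned fingerprint.
    printf '%s\n' "$status" | check_status "$EXPECTED_FPR"
}

# Usage: verify_release file.tar.gz file.tar.gz.sig && tar xzf file.tar.gz
```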