FS#37215 - MD5 is insecure. Please disallow MD5 checksums from new PKGBUILD uploads.

Attached to Project: Arch Linux
Opened by Andrew Engelbrecht (sudoman) - Monday, 07 October 2013, 05:54 GMT
Last edited by Dave Reisner (falconindy) - Monday, 07 October 2013, 13:51 GMT
Task Type: Feature Request
Category: Security
Status: Closed
Assigned To: No-one
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:

MD5 hashes are highly exploitable. Collisions can be created using off-the-shelf hardware in seconds.[1] Many AUR PKGBUILD files rely upon MD5 without using https:// to download files from upstream servers. Therefore a man-in-the-middle attack can spoof the identity of a tarball, allowing for arbitrary code execution.

Since PKGBUILDs downloaded through https:// are effectively signed by the archlinux servers, any tarballs backed by sha256sums are as well. This offers robust defense against active man-in-the-middle attacks. Although there are other significant attack vectors still open, having this standard removes a weak link in the chain of trust.

I believe Arch Linux users will benefit from AUR transitioning away from MD5 hashes. This could be achieved by disallowing md5sums in new uploads of PKGBUILDs. After that, stale PKGBUILDs using md5sums could be left alone, uploaders could be contacted, and/or makepkg could issue a warning.

Admittedly,

sha256sums=('4ceca3a59b65630e849b89133f220def775009017ca2c3d689df27b7745040a9'
'a6293cbabb2b29e114fa6cb1784ccd46eaedb74b5cc3abc69734eb9ef0abc96a')

is quite long text, but it fits in a standard 24x80 character terminal.


TL;DR: Since MD5 is horribly insecure, let's disallow its use in future PKGBUILD uploads. Transitioning AUR away from MD5 will strengthen the chain of trust for tarballs downloaded over http://, thus preventing arbitrary code execution.


[1] https://en.wikipedia.org/wiki/MD5#Security

Closed by Dave Reisner (falconindy)
Monday, 07 October 2013, 13:51 GMT
Reason for closing: Not a bug
Comment by Dave Reisner (falconindy) - Monday, 07 October 2013, 13:51 GMT
I'd agree with you, except that our checksums *rarely* come from upstream. This isn't meant to be a security mechanism. Look for GPG signatures if that's what you're after.
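
An added example, not part of the ticket or of any Arch Linux tool: a static PKGBUILD audit that reports the three conditions raised in this thread (md5sums as the only real checksum, a source fetched over http://, and no detached PGP signature among the sources). The finding names, helper names and both sample PKGBUILDs are constructed for illustration; the parser reads only simple top-level array assignments and never sources the file.

```python
import re

WEAK = {"md5sums", "sha1sums"}
STRONG = {"sha224sums", "sha256sums", "sha384sums", "sha512sums", "b2sums"}
# Top-level bash array assignment, e.g. md5sums=('..' '..'), possibly multi-line.
ARRAY_RE = re.compile(r"^(\w+)=\((.*?)\)", re.MULTILINE | re.DOTALL)
ITEM_RE = re.compile(r"""'([^']*)'|"([^"]*)"|([^\s'"]+)""")

def parse_arrays(text):
    """Extract arrays by static parsing; an untrusted PKGBUILD is never sourced."""
    arrays = {}
    for name, body in ARRAY_RE.findall(text):
        base = name.split("_")[0]  # folds source_x86_64 into source
        items = ["".join(m) for m in ITEM_RE.findall(body)]
        arrays.setdefault(base, []).extend(items)
    return arrays

def audit(text):
    """Return a sorted list of finding codes for one PKGBUILD."""
    arrays = parse_arrays(text)
    # Drop the optional "filename::" prefix makepkg allows on source entries.
    urls = [s.split("::", 1)[-1] for s in arrays.get("source", [])]

    def has_real_sums(key):
        # An array holding only SKIP verifies nothing.
        return any(v != "SKIP" for v in arrays.get(key, []))

    findings = set()
    if any(map(has_real_sums, WEAK)) and not any(map(has_real_sums, STRONG)):
        findings.add("weak-checksum-only")
    if any(u.startswith("http://") for u in urls):
        findings.add("cleartext-source")
    # makepkg verifies a source when a matching .sig/.sign/.asc entry is listed.
    if not any(re.search(r"\.(sig|sign|asc)$", u) for u in urls):
        findings.add("no-pgp-signature")
    return sorted(findings)

# Constructed sample PKGBUILD fragments (hash values are those of empty input).
WEAK_SAMPLE = r"""pkgname=demo
pkgver=1.0
source=("http://example.org/demo-$pkgver.tar.gz")
md5sums=('d41d8cd98f00b204e9800998ecf8427e')
"""
STRONG_SAMPLE = r"""pkgname=demo
source=("https://example.org/demo-1.0.tar.gz"
        "https://example.org/demo-1.0.tar.gz.sig")
sha256sums=('e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
            'SKIP')
"""
```
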
