Roland Clobus
2024-12-15 10:50:01 UTC
Hello list,
In the Debian-installer main menu the entry 'Check the integrity of
installation media' verifies whether the currently booted image is
untampered (package=cdrom-checker).
It reads the file 'md5sum.txt' and verifies all files listed there [1].
In live-build we have provided sha256sum.txt since 2020-03-18, since MD5
checksums are known to be insecure.
There are good instructions on the download pages [2] that help with
verification of the downloaded ISO file using sha256 and sha512, but the
verification on a booted medium uses only md5.
Could/Should the checksum file be upgraded to use sha256 instead of md5?
I could provide an MR if desired.
The cost: 32 additional bytes per file. (With currently about 1200 files
that would be 38KiB)
With kind regards,
Roland Clobus
[1] https://sources.debian.org/src/cdrom-checker/1.65/main.c/#L115
[2] https://get.debian.org/images/weekly-live-builds/amd64/iso-hybrid/
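
An added example, not code from cdrom-checker or live-build: checking every entry of a sha256sum.txt against the files on a mounted medium, as the message proposes doing in place of md5sum.txt. It assumes the listing uses the coreutils `sha256sum` text format (digest, two spaces, relative path); the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def verify_checksum_file(root, listing="sha256sum.txt"):
    """Return {entry: status} for every line of the listing under root."""
    results = {}
    root = os.path.realpath(root)
    with open(os.path.join(root, listing), encoding="utf-8") as fh:
        for line in fh.read().splitlines():
            # Assumed format: 64 hex digits, two spaces, relative path
            digest, sep, name = line.partition("  ")
            if not sep or len(digest) != 64:
                results[line] = "malformed"
                continue
            target = os.path.realpath(os.path.join(root, name))
            # Refuse entries that resolve outside the medium's root
            if os.path.commonpath([root, target]) != root:
                results[name] = "outside-root"
            elif not os.path.isfile(target):
                results[name] = "missing"
            else:
                h = hashlib.sha256()
                with open(target, "rb") as f:
                    for chunk in iter(lambda: f.read(1 << 20), b""):
                        h.update(chunk)
                ok = h.hexdigest() == digest.lower()
                results[name] = "ok" if ok else "mismatch"
    return results

def demo():
    """Verify a constructed sample tree with one file altered after listing."""
    with tempfile.TemporaryDirectory() as root:
        lines = []
        for name, data in {"./live/vmlinuz": b"kernel", "./live/initrd.img": b"initrd"}.items():
            path = os.path.join(root, name)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
            lines.append(f"{hashlib.sha256(data).hexdigest()}  {name}")
        lines.append("0" * 64 + "  ./live/filesystem.squashfs")  # listed, absent
        lines.append("0" * 64 + "  ../escape")                   # leaves the root
        with open(os.path.join(root, "sha256sum.txt"), "w") as f:
            f.write("\n".join(lines) + "\n")
        with open(os.path.join(root, "live/initrd.img"), "ab") as f:
            f.write(b"!")                                        # altered later
        return verify_checksum_file(root)

if __name__ == "__main__":
    print(demo())
```

A listing stored on the same medium detects corruption and casual modification only; whoever can rewrite the files can rewrite the listing, so the signed checksums on the download pages remain the authenticity check.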