Looking at the downloads page, I see that the bittorrent protocol used hasn't been updated. Why is it not updated to the new v2 protocol? It uses SHA 256 to protect against hash collisions. New torrents also run in compatibility mode, so seeding of the old version should be unaffected. It seems this should be especially important since no trackers are used and the hash is the only identifier of the torrent. Sure, it's not an issue so long as everyone verifies the signature of the image, but this seems like it would be fairly simple to change.
Edit: link for more info: https://blog.libtorrent.org/2020/09/bittorrent-v2/
Last edited by the_mungler (2022-10-27 04:08:22)
archlinux/archweb issues #432: Support v2 and hybrid v1&v2 torrents
Though security is not the right motivation behind this motion. Signature still has to be verified. That’s because the magnet link is served by a partially trusted 3rd party,⁽¹⁾ itself being a single point of failure.
____
⁽¹⁾ Currently Hetzner.
Last edited by mpan (2022-10-27 04:40:36)
Sometimes I seem a bit harsh — don’t get offended too easily!
Well, for a first time user, they also get the pgp signatures from the same partially trusted 3rd party, right? Unless I'm misunderstanding how pgp signatures work. The listed checksums on the download page also can't be trusted if we assume the web host is an adversary.
Signatures do not need to come from a trusted source. That’s not how asymmetric cryptography works. What is being verified is the (data, signature) pair, which is usually conveyed as a single unit through the same insecure channel. ISOs simply detach the signature into a separate file for convenience. But that does not affect security in any way.
One can always invent a corner case in which there will be some advantage, of course. But there is a huge difference between making something a reason behind an action, and something being a supporting argument of lesser importance. So do not waste time of either of us two by trying to invent such cases. I can easily do that myself, and I am very well aware of them, considering that I was supporting moving to stronger hashes in AUR.
Last edited by mpan (2022-10-27 13:24:02)
You're right, everyone should be verifying signatures, so authentication of the ISO file isn't the right motivation for switching. Here's a different argument without going into pgp signature validating: The bittorrent protocol is the recommended way to obtain ISO files. Since the old version of the protocol uses sha1, it is possible a bad actor could create a hash collision for one of the pieces of the torrent and seed it. Since the hashes match, torrent clients would download the piece and go on to distribute the bad piece to other peers. The whole swarm could be tainted, and many users could end up with a bad file. This is known as the BitErrant attack. To my knowledge, no one has successfully exploited this, but it is possible.
Last edited by the_mungler (2022-10-27 18:04:18)
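For reference, the integrity check each protocol version performs on downloaded data, as an added example that is not part of any post in this thread: v1 compares one SHA-1 digest per piece, v2 compares a SHA-256 Merkle root per file. It is a single-file simplification following BEP 3 and BEP 52; the function names and the sample data are constructed for illustration.

```python
import hashlib

BLOCK = 16 * 1024   # BEP 52 Merkle leaf size
ZERO = bytes(32)    # leaf hash used past the end of the file

def v1_piece_hashes(data, piece_len):
    """v1 (BEP 3): one 20-byte SHA-1 digest per fixed-size piece."""
    return [hashlib.sha1(data[i:i + piece_len]).digest()
            for i in range(0, len(data), piece_len)]

def v1_bad_pieces(data, piece_len, expected):
    """Indices of pieces whose SHA-1 differs from the torrent metadata."""
    got = v1_piece_hashes(data, piece_len)
    return [i for i, (g, e) in enumerate(zip(got, expected)) if g != e]

def v2_pieces_root(data):
    """v2 (BEP 52): SHA-256 Merkle root over one file's 16 KiB blocks."""
    if not data:
        raise ValueError("empty files have no pieces root")
    layer = [hashlib.sha256(data[i:i + BLOCK]).digest()
             for i in range(0, len(data), BLOCK)]
    width = 1
    while width < len(layer):
        width *= 2
    layer += [ZERO] * (width - len(layer))   # pad leaves to a power of two
    while len(layer) > 1:
        layer = [hashlib.sha256(layer[i] + layer[i + 1]).digest()
                 for i in range(0, len(layer), 2)]
    return layer[0]

def demo():
    # Constructed sample: 76800 bytes = 4 full blocks plus one short block.
    good = bytes(range(256)) * 300
    piece_len = 2 * BLOCK                    # 3 pieces in v1 terms
    meta_v1 = v1_piece_hashes(good, piece_len)
    meta_v2 = v2_pieces_root(good)
    bad = bytearray(good)
    bad[40000] ^= 0x01                       # one flipped bit, inside piece 1
    bad = bytes(bad)
    # (v1 pieces rejected, whether the v2 root still matches)
    return v1_bad_pieces(bad, piece_len, meta_v1), v2_pieces_root(bad) == meta_v2

if __name__ == "__main__":
    print(demo())
```

Both checks reject the accidental corruption here; the difference discussed in the thread is only in which hash function an attacker would have to find a collision for.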