From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: [PATCH] use SHA256 for image checksums Date: Fri, 14 Sep 2018 17:10:15 +0200 Message-ID: <20180914151015.5605-1-peter.mueller@link38.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0502571714046759997==" List-Id: --===============0502571714046759997== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit SHA1 is legacy crypto and known to be weak (collision attacks). Thereof, SHA256 is used instead to provide strong checksums for verifying our release images. Partially fixes: #11345 Signed-off-by: Peter Müller --- webapp/backend/releases.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/webapp/backend/releases.py b/webapp/backend/releases.py index 79e3468..fa63a44 100644 --- a/webapp/backend/releases.py +++ b/webapp/backend/releases.py @@ -279,16 +279,16 @@ class Release(Object): return file def __file_hash(self, filename): - sha1 = hashlib.sha1() + sha256 = hashlib.sha256() with open(filename) as f: buf_size = 1024 buf = f.read(buf_size) while buf: - sha1.update(buf) + sha256.update(buf) buf = f.read(buf_size) - return sha1.hexdigest() + return sha256.hexdigest() def scan_files(self, basepath="/srv/mirror0"): if not self.path: -- 2.16.4 --===============0502571714046759997==--