diff mbox series

use SHA256 for image checksums

Message ID	20180914151015.5605-1-peter.mueller@link38.eu
State	Dropped
Headers	From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@link38.eu> To: development@lists.ipfire.org Subject: [PATCH] use SHA256 for image checksums Date: Fri, 14 Sep 2018 17:10:15 +0200 Message-Id: <20180914151015.5605-1-peter.mueller@link38.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ipnet: 2a03:4000::/32(-4.95), asn: 197540(-3.96), country: DE(-0.09)]; ASN(0.00)[asn:197540, ipnet:2a03:4000::/32, country:DE]; RCVD_TLS_ALL(0.00)[]; BAYES_HAM(-3.00)[100.00%] Precedence: list Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>
Series	use SHA256 for image checksums \| use SHA256 for image checksums

Commit Message

Peter Müller Sept. 15, 2018, 1:10 a.m. UTC

  SHA1 is legacy crypto and known to be weak (collision attacks). Thereof,
SHA256 is used instead to provide strong checksums for verifying our
release images.

Partially fixes: #11345

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
---
 webapp/backend/releases.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff mbox series

Patch

diff --git a/webapp/backend/releases.py b/webapp/backend/releases.py
index 79e3468..fa63a44 100644
--- a/webapp/backend/releases.py
+++ b/webapp/backend/releases.py
@@ -279,16 +279,16 @@  class Release(Object):
 				return file
 
 	def __file_hash(self, filename):
-		sha1 = hashlib.sha1()
+		sha256 = hashlib.sha256()
 
 		with open(filename) as f:
 			buf_size = 1024
 			buf = f.read(buf_size)
 			while buf:
-				sha1.update(buf)
+				sha256.update(buf)
 				buf = f.read(buf_size)
 
-		return sha1.hexdigest()
+		return sha256.hexdigest()
 
 	def scan_files(self, basepath="/srv/mirror0"):
 		if not self.path: