Displaying 2 results from an estimated 2 matches for "crypto101".
2015 Oct 15
3
Package integrity check via SHA256 or OpenPGP possible?
Dear list,
I'm using R in a corporate environment and was interested how R checks integrity of packages during an installation.
I saw (and verified my suspicion in the code[1]) that the verification purely relies on MD5.
>From an IT security perspective, this can be improved.
My question is: Is is possible to force R to verify integrity via SHA256 or even OpenPGP signatures?
If not are
2015 Oct 15
0
Package integrity check via SHA256 or OpenPGP possible?
...256 or even OpenPGP signatures? If not are there any plans to support better hashes than MD5? As the source code looks, an extension to support other (optional) hash values would be quite easy.
A hash is not the same thing as a signature. If you need an
introduction to these topics I recommend www.crypto101.io.
Adding sha256 support would indeed be easy but we wouldn't gain much.
Coincidental md5 collisions are very unlikely. If you are considering
deliberate attacks on the network, a hash function is not going to
help as the attacker can just recompute the hash along with the
tampered package....