The SHA-1 hash has known weaknesses, we should migrate to a SHA-2 digest algorithm. See https://fedoraproject.org/wiki/Features/StrongerHashes for more rationale and information.
SHA-1 is currently used in the SHA1SUM files used to authenticate the release, both for hashes of the signed files and for the hash used inside the GPG signature.
It is not necessary to rename the file each time each time a new hash is used because the coreutils *sum utilities ignore incorrectly formatted lines. We can therefore create a signed ISO-SUMS file that starts with the following text
(or add the text to installation guide?):
This file is digitally signed: if you have the Fedora N key in your keyring,
verify the authenticity of the file using (gpg --verify ISO-SUMS).
If you have downloaded ISO images to the same directory as this file, verify
them using the first command from the following list available on your
[commands newer hash types would go here in the future]
$ sha256sum -c ISO-SUMS
$ sha1sum -c ISO-SUMS
The cryptographic hashes follow.
[output of newer *sum programs would go here in the future]
(This also allows running (sha1sum ISO-SUMS) from a script for all releases that use ISO-SUMS, even if newer hashes are available; that doesn't help security any, but it makes script writing a bit more convenient.)
In addition to using sha256sum to compute published hashes, the digital signature needs to use SHA-256: generate it using (gpg --digest-algo sha256 ...). To make sure the public key signature is at least comparably strong to the hash, the public key used to sign the file should be at least 2048 bits long. RPM currently supports only RSA keys for signatures embedded in packages (see #479859) - so the Fedora 11 release key should be a RSA key with key size at least 2048 bits.
To generate such signatures using sigul, update to sigul-0.92 (from
http://people.redhat.com/mitr/rpmsigner ) and configure it to use SHA-256:
echo 'personal-digest-preferences sha256 sha1'>
(this affects all keys managed by this sigul installation, but the default
1024-bit DSA keys can only use a 160-bit hash, so SHA-1 will be used for
1024-bit DSA keys, the same as if this preference were not set.)
Created attachment 330357 [details]
Create ISO-SUMS instead of SHA1SUM, use both sha256 and sha1
Attached is a proposed patch.
I have tested all changes except for the high-level doCreateIsos() method.
I've written something slightly different and just pushed it upstream.