Module file parse API

[Paul Sandoz]

On Jun 21, 2012, at 1:59 PM, Sean Mullan wrote:

> On 6/21/12 6:36 AM, Paul Sandoz wrote:
> 
>>>> Having said that, I've been somewhat dubious on the overall
>>>> value/purpose of the hashes inside the module file. They don't
>>>> provide any security without something additional such as a
>>>> signature, but when generating the signature, it has to
>>>> recalculate all of the hashes again to be sure they are still
>>>> correct since the module file was created. So their only value is
>>>> as a checksum, but my experience with checksums is that they are
>>>> usually stored separately from what they are computed over.
>>> 
>>> I view the hashes in an unsigned module file as a checksum also,
>>> but I think they are very useful. For example, if a tool is only
>>> interested in the classes of a module file, it can skip to the
>>> classes section, extract/process it, validate the hash, and exit
>>> without having to finish reading the remainder of the module file.
>>> This is nice, especially if the module file is being read from a
>>> remote stream, and only possible with per section hashes.
>>> 
>> 
>> Also one does not have to upload/download separate data to/from a
>> repository for the content and the hash of the content. This also has
>> the advantage that the repository can verify the hashes before
>> accepting deployment of a module (instead of say uploading using
>> multipart MIME).
> 
> Ok, but I want to be sure I understand what you think the value of the hashes provides. Hashes without a signature don't provide any security since an attacker can change both the data and the hash without detection.

Yes.


> How are they providing value as a checksum? Do you think it will be common for someone to change the internal sections of the module file without updating the corresponding section hash?
> 


No. Not someone but something by non-nefarious means :-) Bit rot on network transmission or on disk.

Paul.