Document that users should change default Android cert password #1816
Conversation
|
Note that Claire reviewed the draft documentation here for me in person, but I forgot to get her GitHub. |
docs/how-to/code-signing/android.rst
Outdated
| Previously, it has been considered safe to use the default password. However, | ||
| recent advancements in SHA-1 attacks make that inadvisable. |
There was a problem hiding this comment.
If an attacker has the file and it uses the default password, then they can already access the key; they don't need to break any hashes. If an attacker doesn't have the file, then surely the password doesn't matter. So what's the significance of SHA-1 here?
There was a problem hiding this comment.
If the attacker doesn't have the file, the password enables them to get the SHA-1 fingerprint of the file. As of 2020 in a research environment SHA-1 fingerprint collisions could be generated accurately for $11k, and since then the decreases in relevant hardware prices make it even cheaper.
I'm hoping to hint which direction somebody should go in to learn more without trying to make everybody catch up on it. If you've got a better idea for a hint (or if this project prefers not to leave hints), I'm very open to suggestions! This is my first contribution for this project 😅
There was a problem hiding this comment.
Noting here that we chatted about this in person and then I did some extra research, and we're pretty sure this attack still requires access to the keystore file. It's still important to update the password, but maybe not bad enough to warrant the admonition, since (in its current form) it's likely to confuse people who aren't super into this specific topic.
Accordingly, I'll remove the admonition but keep the revised wording earlier on.
Removing admonition per in-person discussion with @freakboy3742 at PyconUS2024
|
...I tagged the wrong person in that commit message, and it was actually @mhsmith I was chatting with in person. Unfortunately, it was such a small change I made it in the GitHub web UI and I'm not sure amending the message is worth a force push? |
Update docs to clarify that SHA-1 is now breakable enough that the Android password matters
Updated android.rst to clarify that recent improvements to intentional SHA-1 collision development bringing the cost of an attack under USD$10k mean that you reallllly actually should change the password from default, but in a hopefully-user-friendly FUD-free way. I updated the existing description and added an admonition to emphasize that you really ought to update it.
Previously the docs said that you didn't need to change the password.
PR Checklist: