F-Droid apk signing key (SHA1) is vulnerable to SHAttered attack

#1

The FDroid apk signing key still uses SHA1 despite its vulnerability to the SHAttered attack and others like it. While this subject was touched upon in a previous thread it it might be prudent to start looking for a way to move to a more secure hash function. This may be seen as low risk, but its still a risk.

3 Likes
#2

There is a follow up attack on SHA-1 recently announced this year a month ago making the transition from the hash more urgent.

2 Likes
#3

cc/ @hans I know you guys at The Guardian Project take security seriously.

#4

Android 4.2 and older do not support SHA256 signatures at all, so
switching the APK signature means entirely dropping support for Android
4.2 and older. That’s the only reason I know why we haven’t done it
already.

Also, it is not a particularly high priority since there are also GPG
signatures on the APKs, and the there is the index signatures that signs
the SHA-256 of every APK in a repo. Then there is also good HTTPS
config. Plus the upcoming F-Droid v1.8 will drop TLSv1.0 and TLSv1.1
entirely on devices that support it.

For more info: https://f-droid.org/docs/Security_Model

2 Likes
Mastodon