Re: [Condor-devel] Avoiding redundant executables in the SPOOL

[Ian Alderman <alderman@xxxxxxxxxxx>]

Alan,

I've implemented some of this stuff to support signing external files  
as part of signed ClassAds.  We should avoid duplicating this work.   
In that context, we automatically include the hash of the executable  
and any input files that get transferred in the ClassAd before signing  
it.  Does it make sense in your context to do this for input files as  
well?

Although in your problem domain security isn't a goal, in signed  
ClassAds, it is, so we need to make sure that the hashing algorithm  
supports more secure options (and more generally, options).  This is  
because it's possible to create two different files that hash to the  
same value but are valid executables that do different things.  (I've  
also been working on adding support for other integrity methods within  
CEDAR).

MD5 is broken:
http://www.mscs.dal.ca/~selinger/md5collision/

SHA-1 is getting broken:
http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

I doubt that calculating the hash of an executable would be painful  
anywhere; it's barely more work on a modern machine than reading the  
file.  Since executables are not generally very large, I wonder if  
optimizations to avoid hashing would be really necessary.

If we support input files as well, though, this could bring pain.  One  
good option (which you suggest) would be to +specify the checksum in  
the submit file.

-Ian