Accept SHA1 hash algorithm #3275
Signed-off-by: hi-rustin <rustin.liu@gmail.com>
Tested locally:
➜ rustup git:(master) ✗ RUSTUP_HOME=home CARGO_HOME=home home/bin/rustup install 1.8.0
info: syncing channel updates for '1.8.0-aarch64-apple-darwin'
info: latest update on 2016-04-12, rust version 1.8.0 (db2939409 2016-04-11)
error: target 'aarch64-apple-darwin' not found in channel. Perhaps check https://doc.rust-lang.org/nightly/rustc/platform-support.html for available targets
None, | ||
); | ||
// cutoff date when verifying the signature key bindings. | ||
policy.accept_hash(HashAlgorithm::SHA1); |
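Review bot: The `policy.accept_hash(HashAlgorithm::SHA1);` call on the last line of this hunk is unconditional, while the comment directly above it speaks only of a cutoff date for verifying signature key bindings. The call passes nothing but the algorithm, with no cutoff time and no restriction to binding signatures, so as written SHA1 is accepted for every signature this policy checks, including signatures over downloaded data. If the intent is only to tolerate old SHA1 key-binding signatures, limit the acceptance to that case (or re-issue the binding signatures) and update the comment to state exactly what is accepted and why.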
So this permits SHA1 in any context, which will permit it to be used to attack distributions, and it really is thoroughly broken for plain collision resistance. https://sequoia-pgp.org/blog/2023/02/01/202302-happy-sha1-day/
I don't know yet whether the failed signatures are:
a) a bug in the sequoia binding-case detection
b) some other place SHA1 is turning up in our distribution signatures that is attacker controlled
If it is (a) the fix is to work with sequoia to get their extended period fixed, or to issue new binding signatures on the keyring we're using (using keyring-linter), or both.
If it is (b) we need to cover that case once we understand it, since it means we are flat vulnerable.
> So this permits SHA1 in any context, which will permit it to be used to attack distributions, and it really is thoroughly broken for plain collision resistance. https://sequoia-pgp.org/blog/2023/02/01/202302-happy-sha1-day/
We had a discussion about it last time. You can see #3186 (comment)
@nwalfield Do you have any thoughts about this issue? Could you please give us some help? Thanks!
@pietroalbini Could you please share how we sign these manifest files in our release process? Thanks!
I agree with @rbtcollins, this patch allows data signatures, which definitely require collision resistance, using SHA-1. We definitely don't want that.
It would be good to understand where the data signatures using SHA-1 are coming from and fix that.
Closed by #3277
close #3250