Re: [Gnu-arch-users] Re: MD5 is broken
From: Peter Conrad
Subject: Re: [Gnu-arch-users] Re: MD5 is broken
Date: Wed, 16 Mar 2005 12:39:10 +0100
User-agent: KMail/1.6.2

Hi,

On Wednesday, 16 March 2005 11:51, Karel Gardas wrote:
> On Wed, 16 Mar 2005, Peter Conrad wrote:
> > Hi,
> >
> > On Wed, Mar 16, 2005 at 12:26:30PM +0600, Ivan Boldyrev wrote:
> > > Tom Lord merges sexy patch. Even if he will re-sign patch,
> > > MD5 sum in ./checksum will be same because *.patches.tar.gz is same.
> >
> > this is wrong. If Tom merges your patch, he will automatically create
> > additional log entries in his own branch. This (among other things, like
> > changed timestamps) will lead to a file with a different MD5 sum.
>
> I'm afraid the whole message is a bit different: hack the mirror, hack the
> patch while keeping MD5 intact and let your attack to software X spread
> through the world.

I understood Ivan's scenario like this:

1. attacker creates Patch-A (harmless) and Patch-B (evil) with identical
   checksums
2. attacker submits Patch-A to maintainer
3. maintainer integrates Patch-A into software, signing it
4. attacker hacks mirrors and replaces signed Patch-A with Patch-B

To which I answered that step 3 will normally change the MD5 sum that's
actually signed. Which means that replacing the patch will invalidate
the signature.

> I've just now looked at tla and baz and found that at least mirror on:
> http://bazaar.canonical.com/archives/address@hidden/ uses also
> SHA-1 hashes. Since SHA-1 is also considered weak these days, this
> does not add that much security, but certainly at least something
> before arch move to some more secure hash implementation.

Combining different hashes in the signature should make attacks a lot
more difficult, because an attacker would have to produce collisions
for all hashes at the same time. Of course, *all* hashes must be
validated when checking the signature, instead of validating only one
of them.

Bye,
        Peter
--
Peter Conrad Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH Fax: +49 6102 / 80 99 071
Bahnhofstr. 18 http://www.tivano.de/
63263 Neu-Isenburg
Germany
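
Added example (not part of Peter Conrad's message and not GNU arch code): a Python check for the rule stated above, accepting a file only when every required digest is listed in the signed manifest and matches. The manifest line format, file name and patch contents are constructed for illustration, and the manifest's own signature is assumed to have been verified beforehand.

```python
import hashlib
import hmac

REQUIRED = ("md5", "sha1")  # assumed policy: both digests must be present and match

def parse_manifest(text):
    """Parse constructed 'algo filename hexdigest' lines into {filename: {algo: digest}}."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # ignore blank or malformed lines
        algo, name, digest = parts
        entries.setdefault(name, {})[algo.lower()] = digest.lower()
    return entries

def verify(name, data, entries, required=REQUIRED):
    """Return (ok, problems). A digest that is absent counts as a failure, not a skip."""
    listed = entries.get(name, {})
    problems = []
    for algo in required:
        if algo not in listed:
            problems.append(f"{algo}: missing from manifest")
        elif not hmac.compare_digest(hashlib.new(algo, data).hexdigest(), listed[algo]):
            problems.append(f"{algo}: mismatch")
    return (not problems, problems)

def make_manifest(name, md5_of, sha1_of):
    """Build constructed manifest text (sample input, not a real archive checksum file)."""
    return (f"md5 {name} {hashlib.md5(md5_of).hexdigest()}\n"
            f"sha1 {name} {hashlib.sha1(sha1_of).hexdigest()}\n")

# Constructed sample data standing in for Patch-A and Patch-B from the scenario.
PATCH_A = b"harmless change\n"
PATCH_B = b"evil change\n"
NAME = "patch-1.patches.tar.gz"  # hypothetical file name

GOOD = parse_manifest(make_manifest(NAME, PATCH_A, PATCH_A))
# Stand-in for an MD5-only collision: the md5 line also fits PATCH_B, the sha1 line does not.
MD5_COLLISION = parse_manifest(make_manifest(NAME, PATCH_B, PATCH_A))
# Manifest that lists only md5: must be rejected, otherwise sha1 adds nothing.
MD5_ONLY = parse_manifest(f"md5 {NAME} {hashlib.md5(PATCH_B).hexdigest()}\n")

if __name__ == "__main__":
    print(verify(NAME, PATCH_A, GOOD))
    print(verify(NAME, PATCH_B, MD5_COLLISION))
    print(verify(NAME, PATCH_B, MD5_ONLY))
```

A verifier that stops at the first matching digest, or that skips algorithms the manifest does not list, would accept the second and third cases.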