Re: [Gnu-arch-users] Re: MD5 is broken

[Adrian Irving-Beer]

On Wed, Mar 16, 2005 at 09:16:08AM -0600, John Arbash Meinel wrote:

> >Presumably since it also wants to sign the log file, but avoid a
> >detached signature for every file (ugly).
>
> Why not put both detached signatures into the checksum file?

How would it know which file gets which signature?  I don't think the
name is actually stored in the detached signature.  Even if arch
guessed, wouldn't that degrade security?

Don't forget that PGP signing is just asymmetric signing of a hash
anyway.  If you have a logfile, a cacherev, and a patch in the same
directory, that's three different hashes.

If arch doesn't 'know' (in both the technical and the trustworthy
sense) which one applies to which file, you've given an attacker three
different hashes they could try to emulate -- effectively, IIUC,
you've cut the difficulty in three.

IMO, I like the idea of two (or more) different hashes being applied
and all being checked.  I'd like to see the file size being recorded
as well.  The difficulty of matching all hashes, and doing so with the
given file size, is high enough to make the arch step a no-op.

If arch's step doesn't degrade (or contribute to) security, we then
just rely purely on PGP for the security.  (And if PGP goes down,
we're kinda hosed anyway.)

signature.asc
Description: Digital signature