Re: [Gnu-arch-users] Re: MD5 is broken
From: Adrian Irving-Beer
Subject: Re: [Gnu-arch-users] Re: MD5 is broken
Date: Wed, 16 Mar 2005 10:28:05 -0500
User-agent: Mutt/1.5.6+20040907i

On Wed, Mar 16, 2005 at 09:16:08AM -0600, John Arbash Meinel wrote:
> >Presumably since it also wants to sign the log file, but avoid a
> >detached signature for every file (ugly).
>
> Why not put both detached signatures into the checksum file?

How would it know which file gets which signature? I don't think the
name is actually stored in the detached signature. Even if arch
guessed, wouldn't that degrade security?

Don't forget that PGP signing is just asymmetric signing of a hash
anyway. If you have a logfile, a cacherev, and a patch in the same
directory, that's three different hashes.

If arch doesn't 'know' (in both the technical and the trustworthy
sense) which one applies to which file, you've given an attacker three
different hashes they could try to emulate -- effectively, IIUC,
you've cut the difficulty in three.

IMO, I like the idea of two (or more) different hashes being applied
and all being checked. I'd like to see the file size being recorded
as well. The difficulty of matching all hashes, and doing so with the
given file size, is high enough to make the arch step a no-op.

If arch's step doesn't degrade (or contribute to) security, we then
just rely purely on PGP for the security. (And if PGP goes down,
we're kinda hosed anyway.)
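
The check discussed in this message (each file name bound to a recorded size and to several digests, all of which must match), as an added example that is not part of the original post and is not arch's code. The manifest line format, the `md5`/`sha1` pair, the function names and whitespace-free file names are assumptions made here, and the manifest itself is assumed to have had its PGP signature verified separately.

```python
import hashlib
import hmac

# Digest algorithms that must ALL match (assumed pair for this example).
ALGOS = ("md5", "sha1")

def make_entry(name: str, data: bytes) -> str:
    """Build one manifest line: name, size, then one digest per algorithm."""
    digests = [hashlib.new(a, data).hexdigest() for a in ALGOS]
    return " ".join([name, str(len(data)), *digests])

def parse_manifest(text: str) -> dict:
    """Map file name -> (size, digests); reject duplicate and malformed lines."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 2 + len(ALGOS):
            raise ValueError(f"malformed manifest line: {line!r}")
        name, size, *digests = fields
        if name in entries:
            raise ValueError(f"duplicate entry for {name!r}")
        entries[name] = (int(size), tuple(digests))
    return entries

def verify_file(entries: dict, name: str, data: bytes) -> bool:
    """Accept only if the entry recorded under this exact name matches in full."""
    if name not in entries:
        return False  # never fall back to "some entry in the directory matches"
    size, digests = entries[name]
    if len(data) != size:
        return False
    ok = True
    for algo, expected in zip(ALGOS, digests):
        actual = hashlib.new(algo, data).hexdigest()
        ok &= hmac.compare_digest(actual, expected.lower())
    return ok

# Constructed sample contents for the three kinds of file named in the message.
FILES = {
    "log": b"Summary: fix typo\n",
    "patch": b"--- a\n+++ b\n",
    "cacherev": b"tree snapshot",
}
MANIFEST = "\n".join(make_entry(n, d) for n, d in FILES.items())
```

Because lookup is by name, contents that match the `patch` entry are still rejected when presented as `log`, so the three entries do not become three interchangeable targets.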