
Re: [Gnu-arch-users] Re: MD5 is broken


From: John Arbash Meinel
Subject: Re: [Gnu-arch-users] Re: MD5 is broken
Date: Wed, 16 Mar 2005 09:43:24 -0600
User-agent: Mozilla Thunderbird 1.0 (Macintosh/20041206)

Adrian Irving-Beer wrote:

> On Wed, Mar 16, 2005 at 09:16:08AM -0600, John Arbash Meinel wrote:
>
>> Presumably since it also wants to sign the log file, but avoid a
>> detached signature for every file (ugly).
>>
>> Why not put both detached signatures into the checksum file?
>
> How would it know which file gets which signature?  I don't think the
> name is actually stored in the detached signature.  Even if arch
> guessed, wouldn't that degrade security?

My original proposal was to keep the checksum file signed in entirety,
leave in the md5 (and maybe sha), and then add a line for
    gpg log taheunthaoenuthnaotehunaoheunthoanetuh

Same as the rest of the lines, just the content would be the gpg
signature of the file rather than just a hash. I think you could get
away with a base64 encoding of the raw binary, since gpg likes to wrap
lines, which doesn't work well with the checksum file. *or* you could
strip off the "-----" lines, unwrap (leave a space) the signature, then
you can just re-wrap and add the surrounding lines when you go to check
the sigs.

> Don't forget that PGP signing is just asymmetric signing of a hash
> anyway.  If you have a logfile, a cacherev, and a patch in the same
> directory, that's three different hashes.
>
> If arch doesn't 'know' (in both the technical and the trustworthy
> sense) which one applies to which file, you've given an attacker three
> different hashes they could try to emulate -- effectively, IIUC,
> you've cut the difficulty in three.
>
> IMO, I like the idea of two (or more) different hashes being applied
> and all being checked.  I'd like to see the file size being recorded
> as well.  The difficulty of matching all hashes, and doing so with the
> given file size, is high enough to make the arch step a no-op.

I agree that it seems fine. I also think, though, that signing a hash is
weaker than signing the original. Especially when you can configure the
signing step to use a stronger hash, but you're stuck with the weaker
hashes in the checksum file.
    gpg --digest-algo SHA512

> If arch's step doesn't degrade (or contribute to) security, we then
> just rely purely on PGP for the security.  (And if PGP goes down,
> we're kinda hosed anyway.)



John
=:->
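The layout John sketches above (one line per hash, a size line as Adrian suggests, and a "gpg" line carrying the detached signature unwrapped onto a single base64 line) can be tried out with the following added example. It is not code from the thread or from arch/tla; the "<kind> <value> <filename>" line format, the use of sha256 for the unspecified "sha", the unwrap/rewrap convention (armor checksum kept after one space) and the sample files are all assumptions, the signature bytes are constructed rather than a real OpenPGP signature, and nothing here calls gpg. The verifier passes a file only when every recorded hash and the size all match, which is the "all being checked" property from the thread.

```python
"""Checksum file with md5 + sha256 + size per file and a one-line gpg entry.

Added example, not from the gnu-arch-users thread or from arch/tla.  Line
format, hash choice and sample data are assumptions; FAKE_SIG is
constructed and is not a real OpenPGP signature.
"""
import base64
import hashlib
import textwrap

ARMOR_HEAD = "-----BEGIN PGP SIGNATURE-----"
ARMOR_TAIL = "-----END PGP SIGNATURE-----"


def unwrap_armor(armored: str) -> str:
    """Strip the ----- lines and join the base64 body onto one line.

    The armor checksum line ("=xxxx") is kept after a single space so that
    rewrap_armor() can put it back on a line of its own.
    """
    body = []
    for line in armored.splitlines():
        line = line.strip()
        # Skip the ----- delimiters, the blank separator and "Version:"-style
        # armor headers; base64 never contains ':' so that test is safe.
        if not line or line.startswith("-----") or ":" in line:
            continue
        body.append(line)
    crc = body.pop() if body and body[-1].startswith("=") else None
    return "".join(body) + (" " + crc if crc else "")


def rewrap_armor(one_line: str) -> str:
    """Inverse of unwrap_armor(): wrap at 64 columns, restore the ----- lines."""
    parts = one_line.split(" ")
    data, crc = parts[0], (parts[1] if len(parts) > 1 else None)
    lines = [ARMOR_HEAD, ""] + textwrap.wrap(data, 64)
    if crc:
        lines.append(crc)
    lines.append(ARMOR_TAIL)
    return "\n".join(lines) + "\n"


def _digests(data: bytes) -> dict:
    """Every value the checksum file records for one file (all must match)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": str(len(data)),
    }


def write_checksums(files: dict, signatures: dict) -> str:
    """files: name -> bytes; signatures: name -> armored detached signature."""
    lines = []
    for name, data in sorted(files.items()):
        for kind, value in _digests(data).items():
            lines.append(f"{kind} {value} {name}")
        if name in signatures:
            lines.append(f"gpg {unwrap_armor(signatures[name])} {name}")
    return "\n".join(lines) + "\n"


def parse_checksums(text: str) -> dict:
    """Return name -> {kind: value}.  The filename is the last token, so a
    gpg value that carries the "=xxxx" checksum after a space still parses."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, rest = line.split(" ", 1)
        value, name = rest.rsplit(" ", 1)
        table.setdefault(name, {})[kind] = value
    return table


def verify_checksums(text: str, files: dict) -> dict:
    """name -> True only if md5, sha256 and size are all recorded and all match."""
    table = parse_checksums(text)
    result = {}
    for name, data in files.items():
        recorded = table.get(name, {})
        result[name] = all(recorded.get(k) == v for k, v in _digests(data).items())
    return result


def extract_signature(text: str, name: str) -> str:
    """Re-armor the gpg line for `name` so a signature verifier can consume it."""
    return rewrap_armor(parse_checksums(text)[name]["gpg"])


# Constructed sample data: not real revision files, not a real signature.
FILES = {"log": b"Revision: patch-1\nSummary: constructed log\n",
         "patch": b"--- a/file\n+++ b/file\n@@ -1 +1 @@\n-old\n+new\n"}
FAKE_SIG = rewrap_armor(
    base64.b64encode(b"constructed, not a real OpenPGP signature" * 3).decode()
    + " =Zm9v")

if __name__ == "__main__":
    checksums = write_checksums(FILES, {"log": FAKE_SIG})
    print(checksums)
    print(verify_checksums(checksums, FILES))
```

Because the filename is recorded on every line, the question of which signature belongs to which file never arises: the signature line names its file just as the hash lines do, and the re-armored output of extract_signature() is what would be handed to the signature check.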
