Re: [Gnu-arch-users] Re: MD5 is broken

[Karel Gardas]

On Wed, 16 Mar 2005, Tom Lord wrote:

>
>
> It makes more sense to beef up security in a multi-modal fashion.
>
> For example, arch's security model already presumes that client
> machines are secure.  Therefore, the use of md5 in core arch is
> ultimately just a redundant (except on NFS :-) layer of verification
> of the transports and storage layers.  Little would be gained by
> strengthening the hash function given the kinds of disasters it
> properly protects against.

I was in impression that patch signing was created mainly for making
trusted archive mirrors on untrusted hosts possible. As Ivan already
pointed out, MD5 seems to be the weakest point in Arch patch signing,
hence my fears spread over this list. Or does Arch security model also
assumes continual verification/comparison of original trusted archives
with all its mirrors on untrusted hosts or some other kind of
verification? If so, this is just news for me and I should rework part of
my infrastrusture for our projects!

Thanks,
Karel
--
Karel Gardas                  address@hidden
ObjectSecurity Ltd.           http://www.objectsecurity.com