Tim Lauridsen wrote: > How do i handle a situation where someone, without my knowledge > uploads new sources to one of my projects. It could be a security > problem ?
While I trust that Francesco had only good intentions, the general question remains: Is it possible to modify a package without commit access by uploading a modified source tarball to the lookaside cache? Without commit access to Git the attacker couldn't edit the sources file, so – assuming that everything that uses the lookaside cache bothers to verify the checksum – the attacker would have to forge a tarball that has the same MD5 hash as the original. That is an attack on the second-preimage resistance of MD5. Practical collision attacks on MD5 have existed for more than a decade, but to the best of my knowledge no practical second-preimage attack is known yet. Thus it's probably not practically possible to do this at this time, except maybe to certain well-funded government agencies around the world, who may have made further advances attacking MD5 than the open cryptographic community has. But still, why are we still using MD5? Björn Persson
pgplcd9pkFqgg.pgp
Description: OpenPGP digital signatur
-- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
