Kevin Fenzi wrote:
> On Wed, 30 Dec 2015 19:38:35 +0100
> Björn Persson <bj...@xn--rombobjrn-67a.se> wrote:
> > Without commit access to Git the attacker couldn't edit the sources
> > file, so – assuming that everything that uses the lookaside cache
> > bothers to verify the checksum – the attacker would have to forge a
> > tarball that has the same MD5 hash as the original. That is an
> > attack on the second-preimage resistance of MD5.
> 
> I don't think even that would work, as you cannot upload new sources
> with the same md5sum as an existing upload. It would just tell you
> it's already uploaded. 

OK, that reduces the attack window as the attacker would have to upload
the malicious tarball after a release has been made upstream but before
the maintainer gets around to upgrading the package.

> > But still, why are we still using MD5?
> 
> It's being worked on, we just haven't gotten there yet... 
> 
> See: 
> 
> https://fedorahosted.org/rel-eng/ticket/5846

Good. Better late than never.

Björn Persson

Attachment: pgpu_8sphDK0k.pgp
Description: OpenPGP digital signature
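
The two checks discussed in this thread, modelled as an added example that is not part of the original messages and is not Fedora's code: a cache that refuses a second upload under an existing name and MD5, and a client that verifies a download against its `sources` entry. The `LookasideCache` class, the `md5hex  filename` line format and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac


class LookasideCache:
    """Toy in-memory cache (hypothetical model, not Fedora's code)."""

    def __init__(self):
        self._blobs = {}  # (filename, md5 hex) -> bytes

    def upload(self, filename, data):
        key = (filename, hashlib.md5(data).hexdigest())
        if key in self._blobs:
            return False  # "already uploaded": stored content is never replaced
        self._blobs[key] = data
        return True

    def fetch(self, filename, md5hex):
        return self._blobs[(filename, md5hex)]


def parse_sources(text):
    """Parse 'md5hex  filename' lines (assumed format) into {filename: md5hex}."""
    entries = {}
    for line in text.splitlines():
        if line.strip():
            digest, name = line.split(None, 1)
            entries[name.strip()] = digest.lower()
    return entries


def fetch_verified(cache, sources_text, filename):
    """Fetch a file and fail closed unless it matches the pinned checksum."""
    expected = parse_sources(sources_text)[filename]
    data = cache.fetch(filename, expected)
    if not hmac.compare_digest(hashlib.md5(data).hexdigest(), expected):
        raise ValueError(f"checksum mismatch for {filename}")
    return data


def demo():
    cache, name = LookasideCache(), "example-1.0.tar.gz"  # constructed sample
    genuine, other = b"constructed genuine bytes", b"constructed other bytes"
    first = cache.upload(name, genuine)
    sources = f"{hashlib.md5(genuine).hexdigest()}  {name}\n"
    repeat = cache.upload(name, genuine)  # refused: same name and MD5
    differs = cache.upload(name, other)   # different MD5, so a different key
    return first, repeat, differs, fetch_verified(cache, sources, name) == genuine
```

The client only ever asks for the key pinned in `sources`, so content stored under a different MD5 is never what it receives, and bytes that do not hash to the pinned value are rejected.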

--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
