Bug#454666: MD5 signatures provide no security
Package: dpkg Version: 1.13.25 Severity: critical Note: reported against the current version of dpkg, but applies equally to all versions up to the present time. MD5 checksums are not secure. A recently discovered mathematical technique allows *ANY* document containing a few attacker-chosen random blocks to have any chosen MD5 checksum. The paper is titled Vulnerability of software integrity and code signing applications to chosen-prefix collisions for MD5 by Arjen Lenstra and Benne de Weger, Bell Laboratories. Full text is available online.[1] In particular, it is now computationally feasible for a single attacker with a desktop machine to modify any executable of his or her choosing to have any desired MD5 checksum. Exploitation of this flaw would allow an attacker to substitute arbitrary code for any legitimate Debian package using a man in the middle attack undetected whenever a user is installing new software, or to put up a debian mirror site or repository containing arbitrary code disguised as legitimate Debian software and having the same checksums. Ray Dillinger [1] http://www.win.tue.nl/hashclash/SoftIntCodeSign/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: Bug#454666: MD5 signatures provide no security
Processing commands for [EMAIL PROTECTED]: reassign 454666 apt Bug#454666: MD5 signatures provide no security Bug reassigned from package `dpkg' to `apt'. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#454666: MD5 signatures provide no security
reassign 454666 apt thanks On Thu, Dec 06, 2007 at 02:33:06PM -0800, [EMAIL PROTECTED] wrote: Exploitation of this flaw would allow an attacker to substitute arbitrary code for any legitimate Debian package using a man in the middle attack undetected whenever a user is installing new software, or to put up a debian mirror site or repository containing arbitrary code disguised as legitimate Debian software and having the same checksums. dpkg does at no time verify anything about the origin of packages. Only apt does. Gruesse, -- Frank Lichtenheld [EMAIL PROTECTED] www: http://www.djpig.de/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#454666: MD5 signatures provide no security
Quoting Frank Lichtenheld ([EMAIL PROTECTED]): reassign 454666 apt thanks On Thu, Dec 06, 2007 at 02:33:06PM -0800, [EMAIL PROTECTED] wrote: Exploitation of this flaw would allow an attacker to substitute arbitrary code for any legitimate Debian package using a man in the middle attack undetected whenever a user is installing new software, or to put up a debian mirror site or repository containing arbitrary code disguised as legitimate Debian software and having the same checksums. dpkg does at no time verify anything about the origin of packages. Only apt does. Apart from that, I don't really understand the urgency of riding big horses at the speed of light reporting an RC bug against part of our architecture only because an (sorry for being rude) obscure proof of concept just got unveiled. I don't think that ringing the trumpets of Apocalypse is exactly the best way to work on the issue. Please call me wrong as long as you want but I'd really like to see people I trust in this project bring some advice on that issue. signature.asc Description: Digital signature
Bug#454666: MD5 signatures provide no security
severity 454666 normal thanks On Thu, Dec 06, 2007, [EMAIL PROTECTED] wrote: In particular, it is now computationally feasible for a single attacker with a desktop machine to modify any executable of his or her choosing to have any desired MD5 checksum. Ray, Debian is not Slashdot. I urge you to actually read the paper you are referring to before making such claims. A chosen-prefix attack certainly does *not* allow to modify an executable to have a desired MD5 checksum. Chosen-prefix attacks do allow to build two different packages with the same checksum. But until proven otherwise that requires the complicity of the Debian maintainer, who is trusted anyway, so you will need to provide a realistic attack scenario in order for your bug report to be considered seriously. Regards, -- Sam. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]