Re: where'd security.debian.org go?
On Thu, 2007-06-14 at 00:32 -0400, Jim Popovitch wrote:
> What's up with security.debian.org? Apt is missing it. ;-)

Of course, as soon as I send the email disregard previous email, apologies.

-Jim P.
where'd security.debian.org go?
What's up with security.debian.org? Apt is missing it. ;-)

-Jim P.
Re: Time to replace MD5?
On Tue, Jun 12, 2007 at 07:39:38PM -0400, Joey Hess wrote:
> Bernd Eckenfels wrote:
> > Because open source is all about choice.
>
> So it's there because of a platitude?
>
> > There might be admins using dpkg -i
> > or security officers who build their local mirrors manually.
>
> Then why don't we include md5sums and wget commands for all packages in
> stable point release announcements? Why not include them in major release
> announcements too? Or are these things somehow less "all about choice"?

Yes, there are a lot of us who use dpkg -i, and do it very often. I may be missing something in this thread because it seems so blatantly obvious to me that this is a necessary and important tool that I am having difficulty understanding where this is going.
Re: Time to replace MD5?
On Wed, Jun 13, 2007 at 11:14:15PM +0200, Steffen Schulz wrote:
> On 070613 at 10:43, Florian Weimer wrote:
> > > AND the fact that it needs to be a valid .deb archive, they are
> > > probably more than strong enough.
>
> This is actually not much of a problem:
>
> http://www.cits.rub.de/MD5Collisions/
>
> One example how to create two files with same hash that act differently.
> Should work with most active content.

Cool. So the security team can rig an executable that can be modified and still have the same md5.

> With the above results, it would be possible to officially distribute
> nice behaving software but present specific targets with modified
> packages that do evil.

Yup. Or the security team could just plant a regular backdoor, and not worry about the md5 hash. A sha hash isn't going to change that at all. If you don't trust the security team, you probably shouldn't install security updates.

Mike Stone
Re: Time to replace MD5?
On 070613 at 10:43, Florian Weimer wrote:
> > AND the fact that it needs to be a valid .deb archive, they are
> > probably more than strong enough.

This is actually not much of a problem:

http://www.cits.rub.de/MD5Collisions/

One example how to create two files with same hash that act differently. Should work with most active content.

Kaminsky did the same with self-extracting executables:

http://www.doxpara.com/md5_someday.pdf

> That, and the "evil twin" package would have to be prepared by the
> security team as well, which isn't a relevant scenario (because they
> could put a backdoor in the original without attacking the hash).

So apt-get signatures use a secure hash function?

With the above results, it would be possible to officially distribute nice behaving software but present specific targets with modified packages that do evil.

Workaround would be to check two hashes (md5, sha1) or an XOR of them.

/pepe
Re: Time to replace MD5?
* Henrique de Moraes Holschuh:

>> Size information doesn't buy you that much.
>
> When we are talking about a binary blob that matches the *same* md5sum? Yes,
> it does. Causing a MD5 collision with a message of the same size is far more
> difficult.

Oh, in this case, please show us a collision of two messages of 641 and 642 bytes. 8-)

AFAIK, the currently published attacks do not work well against the final block with padding, so it's still not possible to change the length.

>> > AND the fact that it needs to be a valid .deb archive, they are
>> > probably more than strong enough.
>>
>> That, and the "evil twin" package would have to be prepared by the
>> security team as well, which isn't a relevant scenario (because they
>
> Would it?

With the currently published attacks, yes. If significantly better attacks appear, they might also apply to message digests in the same family, so this is only a slightly convincing argument for replacing MD5 with SHA-1 (or even SHA-256).

Actually, there isn't much Debian can do, other than to wait. We don't share many of the problems because our protocols are proprietary, and we've got a working software distribution process to end users. Lots of other stuff (especially in the IETF context, think appliances) needs to preserve interoperability with other people's code, or can't be field-upgraded.
Re: Time to replace MD5?
Mike Hommey wrote:
> On Wed, Jun 13, 2007 at 10:37:26AM -0300, Henrique de Moraes Holschuh wrote:
> > On Wed, 13 Jun 2007, Florian Weimer wrote:
> > > > On Tue, 12 Jun 2007, Touko Korpela wrote:
> > > >> Debian Security Advisories currently contain MD5 checksums. As MD5 is no
> > > >> longer strong enough, maybe it should be replaced by SHA1 or SHA256?
> > > >
> > > > When combined with size information
> > >
> > > Size information doesn't buy you that much.
> >
> > When we are talking about a binary blob that matches the *same* md5sum? Yes,
> > it does. Causing a MD5 collision with a message of the same size is far more
> > difficult.
>
> Especially when it has to be a valid .deb file (which means an ar archive
> of 2 correctly gzipped tar files)

But did somebody check if dpkg handles correctly (error) if there are extra data after a gz or at the end of a dpkg?

ciao
cate
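The checks this message asks about, written out as an added example (not code from the thread, and not a description of what dpkg itself does): compare size, MD5 and SHA-256 against the advisory values, then walk the ar container and flag bytes after the last member or after the first gzip stream of a member. The function names and the sample archive built by make_ar are constructed for this illustration.

```python
import hashlib, zlib

AR_MAGIC = b"!<arch>\n"

def ar_members(blob):
    """Parse an ar archive into ([(name, data)], count of trailing bytes)."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos, members = len(AR_MAGIC), []
    while pos + 60 <= len(blob) and blob[pos + 58:pos + 60] == b"`\n":
        name = blob[pos:pos + 16].decode("ascii").rstrip(" /")
        size = int(blob[pos + 48:pos + 58].decode("ascii"))
        start, end = pos + 60, pos + 60 + size
        if end > len(blob):
            raise ValueError("member %s is truncated" % name)
        members.append((name, blob[start:end]))
        pos = end + (size & 1)          # member data is padded to an even offset
    return members, max(0, len(blob) - pos)

def gzip_trailing(data):
    """Bytes left over after the first complete gzip stream in data."""
    d = zlib.decompressobj(31)          # wbits=31 selects the gzip container
    d.decompress(data)
    if not d.eof:
        raise ValueError("incomplete gzip stream")
    return len(d.unused_data)

def check_deb(blob, size, md5, sha256):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(blob) != size:
        problems.append("size mismatch")
    if hashlib.md5(blob).hexdigest() != md5:
        problems.append("md5 mismatch")
    if hashlib.sha256(blob).hexdigest() != sha256:
        problems.append("sha256 mismatch")
    members, trailing = ar_members(blob)
    if trailing:
        problems.append("%d bytes after last ar member" % trailing)
    for name, data in members:
        if name.endswith(".gz") and gzip_trailing(data):
            problems.append("extra data after gzip stream in " + name)
    return problems

def make_ar(files):                     # constructed sample input, not a real package
    out = AR_MAGIC
    for name, data in files:
        out += b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name, 0, 0, 0, b"100644", len(data))
        out += data + b"\n" * (len(data) & 1)
    return out
```

The structural checks are independent of the digests: an archive whose size and hashes match the published values can still be reported for slack space inside a member.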
Re: Time to replace MD5?
On Tuesday 12 June 2007 22.41:23 Touko Korpela wrote:
> Debian Security Advisories currently contain MD5 checksums. As MD5 is no
> longer strong enough, maybe it should be replaced by SHA1 or SHA256?

Strong enough for what? You can get an md5 collision quite easily, but is 2nd preimage also broken?

Note that you'd not only need a 2nd preimage for a given .deb, but the resulting file also needs to have the same size as the original and be a valid deb package. Quite a lot of conditions there.

cheers
-- vbi

--
OpenPGP encrypted mail welcome - my key: http://fortytwo.ch/gpg/92082481
Re: Time to replace MD5?
On Wed, Jun 13, 2007 at 10:37:26AM -0300, Henrique de Moraes Holschuh wrote:
> On Wed, 13 Jun 2007, Florian Weimer wrote:
> > > On Tue, 12 Jun 2007, Touko Korpela wrote:
> > >> Debian Security Advisories currently contain MD5 checksums. As MD5 is no
> > >> longer strong enough, maybe it should be replaced by SHA1 or SHA256?
> > >
> > > When combined with size information
> >
> > Size information doesn't buy you that much.
>
> When we are talking about a binary blob that matches the *same* md5sum? Yes,
> it does. Causing a MD5 collision with a message of the same size is far more
> difficult.

Especially when it has to be a valid .deb file (which means an ar archive of 2 correctly gzipped tar files)

Mike
Re: Time to replace MD5?
On Wed, 13 Jun 2007, Florian Weimer wrote:
> > On Tue, 12 Jun 2007, Touko Korpela wrote:
> >> Debian Security Advisories currently contain MD5 checksums. As MD5 is no
> >> longer strong enough, maybe it should be replaced by SHA1 or SHA256?
> >
> > When combined with size information
>
> Size information doesn't buy you that much.

When we are talking about a binary blob that matches the *same* md5sum? Yes, it does. Causing a MD5 collision with a message of the same size is far more difficult.

> > AND the fact that it needs to be a valid .deb archive, they are
> > probably more than strong enough.
>
> That, and the "evil twin" package would have to be prepared by the
> security team as well, which isn't a relevant scenario (because they

Would it?

--
"One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Re: Time to replace MD5?
* Henrique de Moraes Holschuh:

> On Tue, 12 Jun 2007, Touko Korpela wrote:
>> Debian Security Advisories currently contain MD5 checksums. As MD5 is no
>> longer strong enough, maybe it should be replaced by SHA1 or SHA256?
>
> When combined with size information

Size information doesn't buy you that much.

> AND the fact that it needs to be a valid .deb archive, they are
> probably more than strong enough.

That, and the "evil twin" package would have to be prepared by the security team as well, which isn't a relevant scenario (because they could put a backdoor in the original without attacking the hash).