Re: md5 hashes used in security announcements

2008-10-24 Thread Alexander Konovalenko
On Sat, Oct 25, 2008 at 02:33, Kees Cook <[EMAIL PROTECTED]> wrote:
> [...]
>
> Additionally, it doesn't matter -- it's just the md5 in the email
> announcement.  The Release and Packages files for the archive have SHA1
> and SHA256.  The md5 from the announcement is almost not important,
> IMO -- no one should download files individually from the announcement.

If no one should download files individually from the announcement,
there's no point in including that long list of package URLs and
hashes in the announcements at all. It would be enough to say, "Please
use apt or your favorite package manager to download the packages for
your system."


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: md5 hashes used in security announcements

2008-10-24 Thread Kees Cook
On Fri, Oct 24, 2008 at 10:35:52PM +0200, Sjors Gielen wrote:
> Kees Cook wrote:
> > Additionally, it doesn't matter -- it's just the md5 in the email
> > announcement.  The Release and Packages files for the archive have SHA1
> > and SHA256.  The md5 from the announcement is almost not important,
> > IMO -- no one should download files individually from the announcement.
> 
> So if the Release and Packages files are using SHA1 and SHA256, why
> aren't the announcements?

That's up to the people that control the template, but I would assume
because the template is based off of the changes files which until very
recently, only had md5s.  And besides, why make the announcement emails
even longer?  :)

-- 
Kees Cook@outflux.net





Re: md5 hashes used in security announcements

2008-10-24 Thread Florian Weimer
* Raphael Geissert:

> Yeah, but remember that the "bad" version must also be a valid .deb file with
> something inside that does work; otherwise you may just be able to get some
> random stuff with the same file size and md5 sum but without any use.

These days, you can generate meaningful collisions, perhaps not even
obviously part of an evil twin pair, provided the plaintexts share a
common prefix.





Re: md5 hashes used in security announcements

2008-10-24 Thread Sjors Gielen
Kees Cook wrote:
> Additionally, it doesn't matter -- it's just the md5 in the email
> announcement.  The Release and Packages files for the archive have SHA1
> and SHA256.  The md5 from the announcement is almost not important,
> IMO -- no one should download files individually from the announcement.

So if the Release and Packages files are using SHA1 and SHA256, why
aren't the announcements?

Sjors





Re: md5 hashes used in security announcements

2008-10-24 Thread Kees Cook
On Fri, Oct 24, 2008 at 03:12:20PM -0500, Raphael Geissert wrote:
> Bas Steendijk wrote:
> > 
> > 2 files with a colliding hash can only be made by someone who can
> > influence the creation of the file (thus, someone inside debian). he can
> > make a "good" and a "bad" version of a package with the same MD5, and
> > the same size. for someone to make a file with the same hash without
> > influence in the creation of the original file would be a preimage attack.
> 
> Yeah, but remember that the "bad" version must also be a valid .deb file with
> something inside that does work; otherwise you may just be able to get some
> random stuff with the same file size and md5 sum but without any use.

Additionally, it doesn't matter -- it's just the md5 in the email
announcement.  The Release and Packages files for the archive have SHA1
and SHA256.  The md5 from the announcement is almost not important,
IMO -- no one should download files individually from the announcement.

-- 
Kees Cook@outflux.net
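
Added example, not code from any poster or from Debian: the last step of the check Kees Cook points to, comparing a downloaded file against the Size and SHA256 fields of a Packages index rather than the MD5 in an announcement. It assumes the Packages file was already authenticated through the signed Release file; the stanzas, package names and payload are constructed.

```python
import hashlib

def parse_packages(text):
    """Parse deb822-style stanzas into {Filename: {field: value}}."""
    index = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t"):   # continuation lines are not needed here
                continue
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "Filename" in fields:
            index[fields["Filename"]] = fields
    return index

def verify_deb(index, filename, data):
    """Return (ok, reason); only Size plus SHA256 count as evidence."""
    entry = index.get(filename)
    if entry is None:
        return False, "not listed in Packages"
    if "SHA256" not in entry:
        return False, "no SHA256 field; refusing to fall back to MD5sum"
    if len(data) != int(entry.get("Size", -1)):
        return False, "size mismatch"
    if hashlib.sha256(data).hexdigest() != entry["SHA256"].lower():
        return False, "SHA256 mismatch"
    return True, "size and SHA256 match"

def make_stanza(name, data, with_sha256=True):
    """Build a constructed stanza for the sample index (not real archive data)."""
    lines = [f"Package: {name}", f"Filename: pool/main/{name}_1.0_all.deb",
             f"Size: {len(data)}", f"MD5sum: {hashlib.md5(data).hexdigest()}"]
    if with_sha256:
        lines.append(f"SHA256: {hashlib.sha256(data).hexdigest()}")
    return "\n".join(lines)

GOOD = b"constructed package payload\n"   # stands in for the bytes of a .deb
INDEX = parse_packages("\n\n".join([make_stanza("demo-a", GOOD),
                                    make_stanza("demo-b", GOOD, with_sha256=False)]))

if __name__ == "__main__":
    for path, blob in [("pool/main/demo-a_1.0_all.deb", GOOD),
                       ("pool/main/demo-a_1.0_all.deb", GOOD[:-1] + b"!"),
                       ("pool/main/demo-b_1.0_all.deb", GOOD)]:
        print(path, verify_deb(INDEX, path, blob))
```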





Re: md5 hashes used in security announcements

2008-10-24 Thread Raphael Geissert
Bas Steendijk wrote:
> 
> 2 files with a colliding hash can only be made by someone who can
> influence the creation of the file (thus, someone inside debian). he can
> make a "good" and a "bad" version of a package with the same MD5, and
> the same size. for someone to make a file with the same hash without
> influence in the creation of the original file would be a preimage attack.

Yeah, but remember that the "bad" version must also be a valid .deb file with
something inside that does work; otherwise you may just be able to get some
random stuff with the same file size and md5 sum but without any use.

P.S. I'm not saying it is impossible (I actually don't know, but let's assume
that it is), but chances aren't high.

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net






Re: md5 hashes used in security announcements

2008-10-24 Thread Bas Steendijk

Florian Weimer wrote:
> * Bas Steendijk:
>
> > i have sent an email a while ago about the security implications of
> > using MD5 hashes in the security announcements (DSA), but i didn't get
> > any reply at all from this. has it been overlooked?
>
> I don't know to which address you sent the address, so I don't know if
> it's been overlooked.
>
> My general take on this issue is that for this particular purpose, we
> will stop using MD5 when someone comes up with an actual collision for a
> hash published in a DSA.  It's not that these hashes are used for
> automated processing.  We can't do anything about the old DSAs
> containing MD5 hashes anyway.

2 files with a colliding hash can only be made by someone who can
influence the creation of the file (thus, someone inside debian). he can
make a "good" and a "bad" version of a package with the same MD5, and
the same size. for someone to make a file with the same hash without
influence in the creation of the original file would be a preimage attack.






Re: md5 hashes used in security announcements

2008-10-24 Thread Cyril Brulebois
Florian Weimer <[EMAIL PROTECTED]> (24/10/2008):
> I don't know to which address you sent the address, so I don't know if
> it's been overlooked.

[EMAIL PROTECTED] aka.
http://lists.debian.org/debian-security/2008/10/msg00030.html

Mraw,
KiBi.




Re: md5 hashes used in security announcements

2008-10-24 Thread Florian Weimer
* Bas Steendijk:

> i have sent an email a while ago about the security implications of
> using MD5 hashes in the security announcements (DSA), but i didn't get
> any reply at all from this. has it been overlooked?

I don't know to which address you sent the address, so I don't know if
it's been overlooked.

My general take on this issue is that for this particular purpose, we
will stop using MD5 when someone comes up with an actual collision for a
hash published in a DSA.  It's not that these hashes are used for
automated processing.  We can't do anything about the old DSAs
containing MD5 hashes anyway.





Re: md5 hashes used in security announcements

2008-10-24 Thread paddy
On Fri, Oct 24, 2008 at 04:01:23PM +0200, Nico Golde wrote:
> Hi Bas,
> * Bas Steendijk <[EMAIL PROTECTED]> [2008-10-24 15:44]:
> > i have sent an email a while ago about the security implications of using
> > MD5 hashes in the security announcements (DSA), but i didn't get any reply
> > at all from this. has it been overlooked?
> 
> I guess not, it's just strange that you think this is not 
> known to us.

Is there a bug number ?

Regards,
Paddy
-- 
Segmentation fault (core dumped): .sig too big





Re: md5 hashes used in security announcements

2008-10-24 Thread Nico Golde
Hi Bas,
* Bas Steendijk <[EMAIL PROTECTED]> [2008-10-24 15:44]:
> i have sent an email a while ago about the security implications of using MD5 
> hashes in the security announcements (DSA), but i didn't get any reply at all 
> from this. has it been overlooked?

I guess not, it's just strange that you think this is not 
known to us.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.




md5 hashes used in security announcements

2008-10-24 Thread Bas Steendijk
i have sent an email a while ago about the security implications of 
using MD5 hashes in the security announcements (DSA), but i didn't get 
any reply at all from this. has it been overlooked?






Re: Rainbow tables on Linux?

2008-10-24 Thread Bas Steendijk

Johann Spies wrote:
> On Fri, Oct 24, 2008 at 12:12:40PM +0200, Maciej Korzeń wrote:
>
> > You can crack hashes on-line for free at http://www.freerainbowtables.com/.
>
> I have tried, but when I paste a hash into the window and click on
> submit, I get the message: 'no hash found'.  I could so far not find
> out what format the hash must have to be accepted.
>
> Regards
> Johann

rainbow tables are useless (or near useless) against salted hashes (as
used in linux) so you can forget about cracking it this way.
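
Added example, not part of Bas Steendijk's message: why a table computed in advance stops matching once a per-account salt is mixed in. A plain hash-to-password dictionary stands in for a rainbow table and a single SHA-256 over salt plus password stands in for crypt(3); the word list, salts and password are constructed.

```python
import hashlib

WORDLIST = ["letmein", "password", "debian2008", "qwerty"]   # constructed sample

def stored_hash(password, salt=b""):
    # Simplified stand-in: real crypt(3) schemes also iterate the hash many times.
    return hashlib.sha256(salt + password.encode()).hexdigest()

def build_table(words, salt=b""):
    """Precompute hash -> password for one fixed salt (empty salt = unsalted)."""
    return {stored_hash(w, salt): w for w in words}

def demo():
    table = build_table(WORDLIST)             # built once, before any hash is seen
    salt_a = bytes.fromhex("a1b2c3d4e5f60718")   # constructed per-account salts
    salt_b = bytes.fromhex("0f1e2d3c4b5a6978")
    entry_a = stored_hash("debian2008", salt_a)
    entry_b = stored_hash("debian2008", salt_b)
    return {
        # Unsalted: the precomputed table answers with a single lookup.
        "unsalted_hit": table.get(stored_hash("debian2008")),
        # Salted: the same password no longer appears in the table at all.
        "salted_hit_a": table.get(entry_a),
        "salted_hit_b": table.get(entry_b),
        # Two accounts with the same password store different values.
        "same_stored_value": entry_a == entry_b,
        # A table rebuilt for one salt is worthless against another salt.
        "table_for_a_hits_b": build_table(WORDLIST, salt_a).get(entry_b),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```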






Re: Rainbow tables on Linux?

2008-10-24 Thread Johann Spies
On Fri, Oct 24, 2008 at 12:12:40PM +0200, Maciej Korzeń wrote:

> You can crack hashes on-line for free at http://www.freerainbowtables.com/.

I have tried, but when I paste a hash into the window and click on
submit, I get the message: 'no hash found'.  I could so far not find
out what format the hash must have to be accepted.

Regards
Johann

-- 
Johann Spies  Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch

 "Do all things without murmurings and disputings: 
  That ye may be blameless and harmless, the sons of 
  God, without rebuke, in the midst of a crooked and 
  perverse nation, among whom ye shine as lights in the 
  world;"  Philippians 2:14,15 





Re: Rainbow tables on Linux?

2008-10-24 Thread Maciej Korzeń
Ed Wiget wrote:
> [...]
> the open source rainbow tables are about 121GB (if my memory serves me 
> correctly) and are only available via bittorrent.  I think it took me about 2 
> months to download them.  http://www.antsight.com/zsl/rainbowcrack/
> [...]

You can crack hashes on-line for free at http://www.freerainbowtables.com/.

-- 
Maciej Korzeń
[EMAIL PROTECTED], [EMAIL PROTECTED]
cell phone: +48 506 671 586





Re: Rainbow tables on Linux?

2008-10-24 Thread Chris Davies
Johan 'yosh' Marklund <[EMAIL PROTECTED]> wrote:
> the open source rainbow tables are about 121GB (if my memory
> serves me correctly) and are only available via bittorrent.
> I think it took me about 2 months to download them.
> http://www.antsight.com/zsl/rainbowcrack/

Out of interest, how long do you estimate it would have taken you to
generate them locally?

Chris





Re: Rainbow tables on Linux?

2008-10-24 Thread Alberto Mancini

> > Also, something to consider, if you (or an attacker) have physical or remote
> > access, game is over anyways irregardless of passwords.
>
> Interesting point:  this server is a Xen-domU and although I have
> access to the physical server, it is a bit more complicated to
> interrupt the boot process to get root access.

If the root-filesystem of the domU is not encrypted
you can just halt the server and mount the filesystem
in the dom0.

Ciao,
Alberto.





Re: Rainbow tables on Linux?

2008-10-24 Thread Johann Spies
On Thu, Oct 23, 2008 at 09:27:56AM -0400, Ed Wiget wrote:
> If you are not trying to break in and just testing windows passwords, then I 
> assume you also have access to the real passwords and usernames.  Why don't 
> you just import them into linux and test them from there.  My reasoning is 
> that if john can determine the passwords relatively quickly, then the 
> passwords are too weak.

I am doing it on Linux.  It is actually my own password on a server
that I forgot.  I can use other means (like ssh into the machine using
public key authentication and sudo) to change the password, but I am
curious about two things: Why I could not remember it and how to use
Linux tools to crack it.  

> I did some performance testing on john using a dual core patch vs single core 
> at http://www.edwiget.name/content/view/195/27/
> 
> the open source rainbow tables are about 121GB (if my memory serves me 
> correctly) and are only available via bittorrent.  I think it took me about 2 
> months to download them.  http://www.antsight.com/zsl/rainbowcrack/

Yes I know they are huge.  But how would you use them when targeting Linux
passwords? As some said on this list it does not seem practical to use
rainbow tables on Linux passwords.


> Also, something to consider, if you (or an attacker) have physical or remote
> access, game is over anyways irregardless of passwords.

Interesting point:  this server is a Xen-domU and although I have
access to the physical server, it is a bit more complicated to
interrupt the boot process to get root access.

Thanks to all the people contributing to this thread.

Regards.

Johann


-- 
Johann Spies  Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch

 "Do all things without murmurings and disputings: 
  That ye may be blameless and harmless, the sons of 
  God, without rebuke, in the midst of a crooked and 
  perverse nation, among whom ye shine as lights in the 
  world;"  Philippians 2:14,15 

