Re: md5 hashes used in security announcements
Marcin Owsiany wrote: > > It (generating good and bad package with colliding sum) is actually > easier than one might think. The reason is that you can embed any kind > of binary blob inside an executable and make the executable behavior > dependent on the "version" of the blob. I retract what I said then. It looks much easier to do it now than when the first collision was discovered. > > This is shown here for example: > http://www.mscs.dal.ca/~selinger/md5collision/ > It was explained nicely in the "two PostScript files with identical MD5 > hash" demo, but I cannot find it now. > Cheers, -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: md5 hashes used in security announcements
In article <[EMAIL PROTECTED]> you wrote: > I assume, it's tradition from the times, when only few people > used apt-get and friends (and many years apt-get did not have > signature support). A pointer to a "generic" description for > people who don't want to/cannot use apt-get would be sufficient > nowadays. Could someone from the security team correct me? What I would much more prefer is a regularly signed list of (non)announcements. This will make shure that anybody can verify if he is not receiving alerts. If a entity is supressing updates to the list, you see the missing signature. Kinda CRL for Packages. Then the alerts can skip URLs and Checksums, since if there is somebody who parses them (instead of apt) to be shure his mirrors are not a old copy can use the new more reliable list. Gruss Bernd -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: md5 hashes used in security announcements
* Sjors Gielen: > Kees Cook wrote: >> Additionally, it doesn't matter -- it's just the md5 in the email >> announcement. The Release and Packages files for the archive have SHA1 >> and SHA256. The md5 from the announcement is almost not important, >> IMO -- no one should download files individually from the announcement. > > So if the Release and Packages files are using SHA1 and SHA256, why > aren't the announcements? Historical reasons, from the days where you got Debian on a set of CD-ROMs and repositories were not cryptographically signed. If we change the format of the announcements, we'd rather drop the hashes altogether (and the URLs). The hashes are somewhat hard to verify anyway because you need to follow the Debian project pretty closely to figure out if the signature on the advisory is genuine because it's created by individual developers. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: md5 hashes used in security announcements
On Saturday 25 October 2008 09:28:02 W. Martin Borgert wrote: > On 2008-10-25 07:09, Felipe Figueiredo wrote: > > Can anyone please explain why that long list of links and filenames is > > interesting, or point to a link that does? > > I assume, it's tradition from the times, when only few people > used apt-get and friends (and many years apt-get did not have > signature support). A pointer to a "generic" description for > people who don't want to/cannot use apt-get would be sufficient > nowadays. Could someone from the security team correct me? Well, if this is ever going to change, I guess the release of lenny would be a nice time to do so. Any words, sec team? regards FF -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: md5 hashes used in security announcements
On Fri, Oct 24, 2008 at 03:12:20PM -0500, Raphael Geissert wrote: > Bas Steendijk wrote: > > > > 2 files with a colliding hash can only be made by someone who can > > influence the creation of the file (thus, someone inside debian). he can > > make a "good" and a "bad" version of a package with the same MD5, and > > the same size. for someone to make a file with the same hash without > > influence in the creation of the original file would be a preimage attack. > > Yeah, but remember that the "bad" version must also be a valid .deb file with > something inside that does work; otherwise you may just be able to get some > random stuff with the same file size and md5 sum but without any use. > > P.S. I'm not saying it is impossible (I actually don't know, but let's assume > that it is), but chances aren't high. It (generating good and bad package with colliding sum) is actually easier than one might think. The reason is that you can embed any kind of binary blob inside an executable and make the executable behavior dependent on the "version" of the blob. This is shown here for example: http://www.mscs.dal.ca/~selinger/md5collision/ It was explained nicely in the "two PostScript files with identical MD5 hash" demo, but I cannot find it now. -- Marcin Owsiany <[EMAIL PROTECTED]> http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: md5 hashes used in security announcements
On 2008-10-25 07:09, Felipe Figueiredo wrote: > Can anyone please explain why that long list of links and filenames is > interesting, or point to a link that does? I assume, it's tradition from the times, when only few people used apt-get and friends (and many years apt-get did not have signature support). A pointer to a "generic" description for people who don't want to/cannot use apt-get would be sufficient nowadays. Could someone from the security team correct me? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: md5 hashes used in security announcements
On Saturday 25 October 2008 00:20:46 Alexander Konovalenko wrote: > On Sat, Oct 25, 2008 at 02:33, Kees Cook <[EMAIL PROTECTED]> wrote: > > [...] > > > > Additionally, it doesn't matter -- it's just the md5 in the email > > announcement. The Release and Packages files for the archive have SHA1 > > and SHA256. The md5 from the announcement is almost not important, > > IMO -- no one should download files individually from the announcement. > > If no one should download files individually from the announcement, > there's no point in including that long list of package URLs and > hashes in the announcements at all. It would be enough to say, "Please > use apt or your favorite package manager to download the packages for > your system." +1 This is not the first time this subject "collides" in this list, but I don't remember seeing a justification for such a long array of information I never understoo the use for. While I see the point of having an independent source for confirmation in case of panic, if the Release and Package files are to be trusted, it seems the version of the package should be enough, right? Can anyone please explain why that long list of links and filenames is interesting, or point to a link that does? best regards FF -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]