Fwd: Fwd: Fwd: question regarding verification of a debian installation iso

2011-01-03 Thread Naja Melan
-- Forwarded message --
From: Robert Tomsick rob...@tomsick.net
Date: Mon, Jan 3, 2011 at 7:52 PM
Subject: Re: Fwd: Fwd: question regarding verification of a debian
installation iso
To: Naja Melan najame...@gmail.com


On Mon, 2011-01-03 at 19:23 +0100, Naja Melan wrote:
> If the author of such instructions
> would be forced to justify say md5, I am quite confident that md5 would
> instantly be scrapped and replaced by a better algorithm and we would
> instantly already have better and safer instructions.

Given the attacks on MD5, it's useful as a check against corruption but
basically useless against tampering.  Implicitly suggesting otherwise
(such as by presenting MD5 hashes as an alternative to SHA/RIPEMD
hashes) is IMHO a rather bad idea, especially since the folks who need
instructions on its use are likely to be unaware of its flaws.  Still,
this is a relatively minor issue since Debian also provides SHA-1 hashes
alongside the MD5 ones.

As far as the problem of trust, I really don't understand why HTTPS
isn't the default for the page(s) serving the checksums.  Yes, there are
still a ton of ways that the sums could be altered (compromise of
project servers, CA coercion/negligence + MITM, shadowy cabals, etc.) --
but that doesn't mean that we shouldn't try to raise the bar for
attackers!

Naja makes a good point: right now the only requirement to compromise a
novice user's installation is to be able to conduct some form of MITM on
their connection.  If they're not a GPG user and download a Debian ISO
over, say, a publicly-accessible wireless network or a sniffable LAN
they're basically screwed -- at that point they've got to bank on not
being worth attacking.  Now it's true that that could be a pretty safe
bet (it is for me) -- but I don't think it's one that we should force
novice users to make.
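
Added example, not part of the original messages: a small Python model of the point made above, that a checksum fetched over the same untrusted channel as the ISO catches corruption but not a MITM who replaces both files. The file name, image bytes and the `pinned_sums_digest` parameter are constructed for illustration; the pin stands in for any out-of-band authentication of the checksum file (a GPG signature or HTTPS delivery).

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_sums(name: str, image: bytes) -> str:
    """Build a checksum file in the 'HEXDIGEST  filename' format of sha256sum."""
    return f"{sha256_hex(image)}  {name}\n"

def parse_sums(text: str) -> dict:
    """Parse 'HEXDIGEST  filename' lines into {filename: digest}."""
    sums = {}
    for line in text.splitlines():
        if line.strip():
            digest, name = line.split(None, 1)
            sums[name.lstrip("*").strip()] = digest.lower()
    return sums

def verify(image: bytes, name: str, sums_text: str, pinned_sums_digest=None) -> str:
    """Return 'ok', 'image-mismatch' or 'sums-untrusted'.

    pinned_sums_digest (assumption of this example): SHA-256 of the checksum
    file, learned over a channel the network attacker does not control.
    """
    if pinned_sums_digest is not None:
        if sha256_hex(sums_text.encode()) != pinned_sums_digest:
            return "sums-untrusted"
    expected = parse_sums(sums_text).get(name)
    if expected is None or sha256_hex(image) != expected:
        return "image-mismatch"
    return "ok"

def scenarios() -> dict:
    name = "example.iso"                                  # constructed name
    genuine = b"constructed installer image bytes " * 64  # constructed data
    sums = make_sums(name, genuine)
    pin = sha256_hex(sums.encode())
    corrupted = bytearray(genuine)
    corrupted[10] ^= 0x01                  # single bit flipped in transit
    altered = genuine.replace(b"installer", b"modified!")
    altered_sums = make_sums(name, altered)  # MITM rewrites the sums file too
    return {
        "genuine": verify(genuine, name, sums),
        "corrupted_in_transit": verify(bytes(corrupted), name, sums),
        "both_replaced_no_pin": verify(altered, name, altered_sums),
        "both_replaced_pinned": verify(altered, name, altered_sums, pin),
        "genuine_pinned": verify(genuine, name, sums, pin),
    }

if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case}: {result}")
```

The `both_replaced_no_pin` case passes verification, which is the situation described for a novice user on an open wireless network; only the pinned case rejects the rewritten checksum file.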


Fwd: Fwd: Fwd: question regarding verification of a debian installation iso

2011-01-03 Thread Naja Melan
Sorry if this is a double post, but I got some mailer-daemon writing to
me... and I think the original did not go to the list.
