Re: [opensuse] unique checksum? [Was: best file distribution technology for my case?]

2007-04-09 Thread Carlos E. R. 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


The Monday 2007-04-09 at 14:21 -0800, John Andersen wrote:

> As is usual for this board, the entire topic has now spiraled out of
> control into a fit of paranoia, fear, and suspicion.

I disagree.

We are just considering the theoretical posibilities of compromising 
checksums.

I'm the one that started this thread and I'm not afraid: just curious.


- -- 
Cheers,
   Carlos E. R.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFGGsUqtTMYHG2NR9URAjl6AJ9/yEAYnRlvASUZpqJJtba7szPqugCdHp75
eS+VH+D1XrkK/2bFn3ijncY=
=N8Nw
-END PGP SIGNATURE-

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [opensuse] unique checksum? [Was: best file distribution technology for my case?]

2007-04-09 Thread David Brodbeck 
John Andersen wrote:
> Unless the checksum's are signed, getting the pgp key will do you no good.
>   

Creating a checksum, then signing it, is an unnecessary extra step.  GPG
can generate a signature for a file all  by itself.  It's pretty common
for sites to include signature files for downloads that are
security-related.  Many package managers automatically check signatures
on files they download, making the whole thing automatic and painless.

> If you suppose that the web site can be easily compromised, why not order
> a CDrom?
>   

That's an option, too.  But why ship physical media around when you can
download bits? :)

> As is usual for this board, the entire topic has now spiraled out of
> control into a fit of paranoia, fear, and suspicion.
>   

It's not paranoia if they're really out to get you. ;)  Debian had a
server compromised a year or two ago.  It happens.
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [opensuse] unique checksum? [Was: best file distribution technology for my case?]

2007-04-09 Thread John Andersen 
On Monday 09 April 2007, David Brodbeck wrote:
> Michael Skiba wrote:
> > ...sure it'll be possible to have two files with the same,
> > the point is, that it is almost impossible to make use of it to attack
> > something, since the file with the same md5sum must be valid and
> > contains the
> > destructive code and this will be rather difficult.
>
> Right.  On the other hand, if someone has access to the web server to
> plant their malicious files, they also have access to the files that
> hold the checksums.  So in practice checksums are good protection
> against files corrupted in transit, but rather weak protection against
> malicious modifications.  To check for that, you'd use PGP and get the
> public key from a keyserver or some other source, *not* from the
> webserver you downloaded the file from.

Unless the checksum's are signed, getting the pgp key will do you no good.
If you suppose that the web site can be easily compromised, why not order
a CDrom?

As is usual for this board, the entire topic has now spiraled out of
control into a fit of paranoia, fear, and suspicion.

Perhaps there are people who should not use computers at all.

-- 
_
John Andersen
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [opensuse] unique checksum? [Was: best file distribution technology for my case?]

2007-04-09 Thread David Brodbeck 
Michael Skiba wrote:
> ...sure it'll be possible to have two files with the same,
> the point is, that it is almost impossible to make use of it to attack
> something, since the file with the same md5sum must be valid and
> contains the
> destructive code and this will be rather difficult.

Right.  On the other hand, if someone has access to the web server to
plant their malicious files, they also have access to the files that
hold the checksums.  So in practice checksums are good protection
against files corrupted in transit, but rather weak protection against
malicious modifications.  To check for that, you'd use PGP and get the
public key from a keyserver or some other source, *not* from the
webserver you downloaded the file from.

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [opensuse] unique checksum? [Was: best file distribution technology for my case?]

2007-04-09 Thread James Knott 

jdd wrote:

Michael Skiba wrote:

something, since the file with the same md5sum must be valid and 
contains the destructive code and this will be rather difficult.


not so sure.

it's usually possible to include in any file dummy code (at the end, 
by example), never executed, but this allow to adjust a file.


it's also possible to delete some part of the code, most application 
have very rarely used code one can delete without notice


so, in theory, it's possible to change an application working and 
adapt to have the same md5sum.


but I nevre heard of such thing so this may be very difficult to acheive.

if it's not possible to have a calculation of the missing code (ie 
md5sum1 - md5sum2 gives the code to add), finding the necessary code 
may be impossible


jdd

Making any change to the original file causes a significant change to 
the md5sum.  Adding or deleting a small amount of code would be 
noticable.  You'd have to come up with some method of retaining the same 
md5sum, while encorporating those changes. Perhaps you should read up on 
md5sum and hashing to understand why it's so difficult to sneak in any 
change.



--
Use OpenOffice.org 
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [opensuse] unique checksum? [Was: best file distribution technology for my case?]

2007-04-09 Thread jdd 

Michael Skiba wrote:

something, since the file with the same md5sum must be valid and contains the 
destructive code and this will be rather difficult.


not so sure.

it's usually possible to include in any file dummy code (at the end, 
by example), never executed, but this allow to adjust a file.


it's also possible to delete some part of the code, most application 
have very rarely used code one can delete without notice


so, in theory, it's possible to change an application working and 
adapt to have the same md5sum.


but I nevre heard of such thing so this may be very difficult to acheive.

if it's not possible to have a calculation of the missing code (ie 
md5sum1 - md5sum2 gives the code to add), finding the necessary code 
may be impossible


jdd

--
http://www.dodin.net
Lucien Dodin, inventeur
http://lucien.dodin.net/index.shtml
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [opensuse] unique checksum? [Was: best file distribution technology for my case?]

2007-04-09 Thread Michael Skiba 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Am Montag, 9. April 2007 13:57 schrieb Carlos E. R.:
> The Monday 2007-04-09 at 07:28 -0400, James Knott wrote:
> > Bear in mind an md5sum is only 128 bits.  It is impossible for there to
> > be only one file that results in that sum, given that a file can be any
> > size, with any value in each of the bytes.  However, it's virtually
> > impossible to change a file so that it has the same md5sum and is still
> > sensible in the intended application.  A small change in the original
> > file makes a big change in the md5sum.
>
> Exactly.
>
> But it will also be possible to find several files of the same size that
> produce the same checksum. I have no idea how many, but there will be a
> number that I think could be calculated.
Of course not, if I calculated it right there are
20370359763344860862684456884093781610514683936659362506361404493543\
81299763336706183397376 (a 32 char long string, which contains a-f (6) and 0-9 
(10), so 32^60, right?)
possible md5sums, so sure it'll be possible to have two files with the same, 
the point is, that it is almost impossible to make use of it to attack 
something, since the file with the same md5sum must be valid and contains the 
destructive code and this will be rather difficult.

Cheers
Michael
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFGGkHucHwbW/zlOZoRAs+HAKCU2r2vURni4QfdZ6m/aUzlGFwfmgCgiunb
LtMCdg6Gw2elHc1PJmQMFDY=
=pTcH
-END PGP SIGNATURE-
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [opensuse] unique checksum? [Was: best file distribution technology for my case?]

2007-04-09 Thread Carlos E. R. 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


The Monday 2007-04-09 at 07:28 -0400, James Knott wrote:

> Bear in mind an md5sum is only 128 bits.  It is impossible for there to
> be only one file that results in that sum, given that a file can be any
> size, with any value in each of the bytes.  However, it's virtually
> impossible to change a file so that it has the same md5sum and is still
> sensible in the intended application.  A small change in the original
> file makes a big change in the md5sum.

Exactly.

But it will also be possible to find several files of the same size that 
produce the same checksum. I have no idea how many, but there will be a 
number that I think could be calculated.

- -- 
Cheers,
   Carlos E. R.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFGGipWtTMYHG2NR9URAqKhAJ4m0GKdgUA0tYlU3mpQNQAAg81+fgCfceon
PB4X3bUiR680cBRmp7lBgn0=
=KuzZ
-END PGP SIGNATURE-

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [opensuse] unique checksum? [Was: best file distribution technology for my case?]

2007-04-09 Thread James Knott 
Carlos E. R. wrote:
>
> The Sunday 2007-04-08 at 23:43 -0700, David Brodbeck wrote:
>
> > Ryouga Hibiki wrote:
> >> PS: Unless you know that there's a way to change a package without
> >> modifying the integrity of these (MD5SUM), is that possible?
> > I *think* it's been shown that it's possible to create two different
> > files that have the same MD5 checksum.  
>
> Curious!
>
> I was thinking of that the other day while falling sleep. It is obviously
> possible: if it weren't, then we could use the checksum instead of the
> original file as a brutally effective compression technique. There
> will be
> then several (many?) files of the same size having the same checksum.
>
> > Exploiting this would require
> > creating a *meaningful* file with the same checksum as the original,
> > though, which is much more difficult.
>
> Not knowing the in depth mathematical analysis of checksums, my educated
> guess is that a checksum protects against the chance corruption of a file
> in transmission, affecting one or many, but not all, of its bytes. It
> will
> not protect against the deliberate attempt to generate a file of the same
> size and checksum; but generating one such file that is a valid file of
> the same format I imagine could be an herculean task.
>
>
> In the case of the SuSE iso images, the task would be terrible difficult:
> each rpm inside the iso has also checksums, plus a pgp signature.
>
>
Bear in mind an md5sum is only 128 bits.  It is impossible for there to
be only one file that results in that sum, given that a file can be any
size, with any value in each of the bytes.  However, it's virtually
impossible to change a file so that it has the same md5sum and is still
sensible in the intended application.  A small change in the original
file makes a big change in the md5sum.


-- 
Use OpenOffice.org 

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]