Date: Mon, 12 Mar 2001 04:11:20 -0500 (EST) From: Trevor Johnson <trevor@jpj.net> To: Maxim Sobolev <sobomax@FreeBSD.ORG> Cc: Kris Kennaway <kris@obsecurity.org>, <ports@FreeBSD.ORG>, Alistair Crooks <agc@pkgsrc.org> Subject: Re: new message digest support in pkgsrc (fwd) Message-ID: <20010312034212.A2937-100000@blues.jpj.net> In-Reply-To: <3AAC89C9.AC5B544D@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> > I'd like to see: > > - the 160-byte hashes permitted (not required) in the distinfo file. > > - a "makesum" target which generates all three hashes, using openssl. > > - a "checksum" target which uses whichever hashes exist in distinfo. > > All this applies only if we presume that the checksum checking has any strong security associated with > it. I have strong doubts about that, because: > 1. No effective attack scheme has been shown yet; A scheme has been described which is computationally expensive but not infeasible. See the references I gave. Perhaps you mean that we should wait for black-hat hackers to demonstrate the ineffectiveness of MD5 by conducting attacks on us. If we knew which files were involved in the attack, then we could suddenly change to another hash, calculate the new hashes without inspecting the contents of each file, and be fine. If we didn't know which files were compromised (for example, if the hackers didn't tell us), then we'd have a problem. > 2. I feel that it is much easier to make a new cvsup/mirror server, that will distribute fake > distinfo's/trojaned distfiles for selected clients, than perform costly hash search. As I said, I don't want to force anyone--porter or ports user--to calculate hashes they don't want to calculate. I realize that some people still rely on '386 computers, and that FreeBSD needs to run on those. I acknowledge that there are other attacks which (at least now) are probably much easier than the one I described. If it's practical, those should be addressed as well. Their existence is not a reason not to adopt longer hashes, any more than the existence of bad drivers on the roadways is a reason not to drive carefully or wear a seat belt, or even both at the same time. -- Trevor Johnson http://jpj.net/~trevor/gpgkey.txt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010312034212.A2937-100000>