From owner-freebsd-ports Mon Mar 12 1:50:18 2001
Message-ID: <3AAC9B99.159B7527@FreeBSD.org>
Date: Mon, 12 Mar 2001 11:49:14 +0200
From: Maxim Sobolev
Organization: Vega International Capital
To: Trevor Johnson
Cc: Kris Kennaway, ports@FreeBSD.org, Alistair Crooks
Subject: Re: new message digest support in pkgsrc (fwd)
References: <20010312034212.A2937-100000@blues.jpj.net>

Trevor Johnson wrote:

> > > I'd like to see:
> > > - the 160-byte hashes permitted (not required) in the distinfo file.
> > > - a "makesum" target which generates all three hashes, using openssl.
> > > - a "checksum" target which uses whichever hashes exist in distinfo.
> >
> > All this applies only if we presume that the checksum checking has any strong security associated with
> > it. I have strong doubts about that, because:
> > 1. No effective attack scheme has been shown yet;
>
> A scheme has been described which is computationally expensive but not
> infeasible. See the references I gave.

I did not mean an md5 attack; I meant a scheme of attack using a trojaned distfile specially tailored in such a way that its md5 checksum matches the original one.
This attack, while possible in principle, has the following difficulties, which bring its possibility close to 0:
- the attacker should specially tailor the trojaned distfile to have the same checksum as the original one (md5 attack);
- the attacker should put the trojaned distfile onto one of the MASTER_SITES;
- the attacker should ensure somehow that the victim will fetch the trojaned distfile from that site;
- the attacker should ensure that the victim will build that package.

> Perhaps you mean that we should wait for black-hat hackers to demonstrate
> the ineffectiveness of MD5 by conducting attacks on us. If we knew which
> files were involved in the attack, then we could suddenly change to
> another hash, calculate the new hashes without inspecting the contents
> of each file, and be fine. If we didn't know which files were compromised
> (for example, if the hackers didn't tell us), then we'd have a problem.
>
> > 2. I feel that it is much easier to make a new cvsup/mirror server, that will distribute fake
> > distinfo's/trojaned distfiles for selected clients, than perform costly hash search.
>
> As I said, I don't want to force anyone--porter or ports user--to
> calculate hashes they don't want to calculate. I realize that some people
> still rely on '386 computers, and that FreeBSD needs to run on those. I
> acknowledge that there are other attacks which (at least now) are probably
> much easier than the one I described. If it's practical, those should be
> addressed as well. Their existence is not a reason not to adopt longer
> hashes, any more than the existence of bad drivers on the roadways is a
> reason not to drive carefully or wear a seat belt, or even both at the
> same time.

Well, in my view another analogy is more appropriate here: the existence of air bags doesn't mean that they should be installed on each transportation device, even where they could not help anyway, say a bicycle, an airplane, a motorcycle and so on.

-Maxim
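
The "makesum"/"checksum" proposal quoted in this message, together with the fake-distinfo concern raised against it, as an added example that is not part of the original e-mail or of the ports tree. The `ALGO (file) = hex` line format, the algorithm labels, the function names and the sample data are all assumptions made for illustration.

```python
import hashlib
import re

# Assumed distinfo line format (BSD digest style): "ALGO (filename) = hexdigest"
LINE_RE = re.compile(r"^(\w+) \((.+)\) = ([0-9a-fA-F]+)$")
# Assumed algorithm labels; the thread does not name the three hashes.
ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256"}

def make_distinfo(name, data):
    """'makesum': emit one line per supported hash."""
    return "\n".join(f"{label} ({name}) = {hashlib.new(algo, data).hexdigest()}"
                     for label, algo in ALGOS.items())

def parse_distinfo(text):
    """Return {filename: {label: hexdigest}}; lines that do not match are skipped."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            label, name, digest = m.groups()
            entries.setdefault(name, {})[label] = digest.lower()
    return entries

def checksum(name, data, distinfo_text):
    """'checksum': verify every recognised hash that is recorded; fail closed.

    Returns (ok, detail) where detail maps each checked label to True/False.
    """
    recorded = parse_distinfo(distinfo_text).get(name, {})
    detail = {label: hashlib.new(ALGOS[label], data).hexdigest() == digest
              for label, digest in recorded.items() if label in ALGOS}
    # No usable hash recorded means the file is unverified, not verified.
    return (bool(detail) and all(detail.values()), detail)

# Constructed sample data, not real distfiles.
NAME = "foo-1.0.tar.gz"
ORIGINAL = b"original distfile contents\n"
TAMPERED = b"modified distfile contents\n"
FULL = make_distinfo(NAME, ORIGINAL)        # all hashes recorded
MD5_ONLY = FULL.splitlines()[0]             # older distinfo with MD5 alone
REPLACED = make_distinfo(NAME, TAMPERED)    # distinfo served by an untrusted mirror

if __name__ == "__main__":
    print(checksum(NAME, ORIGINAL, MD5_ONLY))   # passes on the one hash present
    print(checksum(NAME, TAMPERED, FULL))       # every recorded hash mismatches
    print(checksum(NAME, TAMPERED, REPLACED))   # passes: distinfo itself is untrusted
```

The last case is the point of objection 2 in the thread: adding hashes changes nothing when the distinfo file arrives over the same unauthenticated channel as the distfile.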