Date: Wed, 9 Oct 2002 16:43:05 -0700 (PDT) From: Mike Hoskins <mike@adept.org> To: Andrew McNaughton <andrew@scoop.co.nz> Cc: Erick Mechler <emechler@techometer.net>, <security@FreeBSD.ORG> Subject: Re: md5 checksum server Message-ID: <20021009163635.V88705-100000@fubar.adept.org> In-Reply-To: <20021010121731.O55435-100000@a2.scoop.co.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 10 Oct 2002, Andrew McNaughton wrote: > It's interesting then that we use MD5 sums for ports. Well, it's easy and has been done for quite awhile. ;) I think the basic PGP vs. MD5 idea is quite simple... If someone compromises the server the tarball lives on, then they can easily generate a malicious MD5 sum as well. If there was a 3rd party, you may be able to check the downloaded MD5 sum against a "trusted" sum, but the trusted sum couldn't really be trusted if it ultimately came from the same source. With PGP at least, the malicious party may generate a new fingerprint/etc. but it won't have the correct credentials. It's always difficult to figure out best practices in this scenario... Anytime you try to maintain trust while assuming a trusted resource (the server distributing tarballs in our case) has been compromised, you run into a lot of grey areas. (Obviously we want solutions that add trust while creating as little work as possible, and that can not just be "worked around".) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021009163635.V88705-100000>