From owner-freebsd-ports Mon Mar 12 3:30: 9 2001 Delivered-To: freebsd-ports@freebsd.org Received: from blues.jpj.net (blues.jpj.net [204.97.17.146]) by hub.freebsd.org (Postfix) with ESMTP id C5DB237B718; Mon, 12 Mar 2001 03:29:58 -0800 (PST) (envelope-from trevor@jpj.net) Received: from localhost (trevor@localhost) by blues.jpj.net (8.11.1/8.11.1) with ESMTP id f2CBTv015817; Mon, 12 Mar 2001 06:29:57 -0500 (EST) Date: Mon, 12 Mar 2001 06:29:57 -0500 (EST) From: Trevor Johnson To: Maxim Sobolev Cc: Kris Kennaway , , Alistair Crooks Subject: Re: new message digest support in pkgsrc (fwd) In-Reply-To: <3AAC9B99.159B7527@FreeBSD.org> Message-ID: <20010312052254.X2937-100000@blues.jpj.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > A scheme has been described which is computationally expensive but not > > infeasible. See the references I gave. > > I did not mean md5 attack, I meant scheme of attack using trojaned distfile specially tailored in such a way > that its md5 checksum matches original one. This attack while possible in principle, but have the following > difficulties, that turn its possibility close to 0: > > - attacker should specially tailor trojaned distfile to have the same checksum as original one (md5 attack); > > - attacker should put trojaned distfile onto one of the MASTER_SITES; This is as difficult as opening an account at sourceforge.net, tripod.com, nbci.com, or geocities.com, and starting a software project which a FreeBSD committer will consider worth adding to the ports collection. Someone capable of breaking MD5 would surely have no difficulty. > - attacker should ensure somehow that the victim will fetch trojaned distfile from that site; It is almost a matter of course that the master site is listed in MASTER_SITES, so this was taken care of already. > - attacker should ensure that the victim will build that package. Well, the attacker may not have a particular victim in mind. Perhaps his purposes would be served if he had many victims and many unaffected users. Then it would be sufficient to let FreeBSD's package-building system prepare the package for distribution on CD-ROM, or to choose a software license that would prohibit packages from being distributed (perhaps one that would prohibit mirroring). Such licenses do not seem to raise suspicion. If he had a particular victim in mind, and for some reason wanted everyone else to be unaffected, then the malicious code could check for something particular to that victim's system(s)--its IP address, for example. Some social engineering might be needed in convincing the victim to install the package, especially because it would be easiest to create a new software project rather than subverting an existing one. Depending on the hacker's goals, the expense of constructing the colliding distfiles might not be worthwhile for a single victim (except a large institutional one). Another kind of attack would probably be more suitable, for a single victim. If these things were considered truly difficult, we would be using a simple CRC check, for example cksum(1), rather than MD5 to check the integrity of files. That would be adequate to detect non-malicious changes. > > addressed as well. Their existence is not a reason not to adopt longer > > hashes, any more than the existence of bad drivers on the roadways is a > > reason not to drive carefully or wear a seat belt, or even both at the > > same time. > > Well, in my view another analogy is more appropriate here: existence of air bags doesn't mean that they > should be installed on each transportation device, even where it could not help anyway, say bicycle, air > plane, motorcycle and so on. In MD5, we've had a 128-bit "air bag" for the "driver" since 1994 (bsd.port.mk revision 1.79). I'm just saying that the "sodium azide" in it is getting "stale" and I would like 160-bit ones for the "passengers" and "side doors" like those I've seen on "newer cars". Even though I haven't heard of an abundance of tragic "airbag-related fatalities" with those "cars" I'm happy to have a "disabling switch" in the design, so you can protect yourself from the possibility. Yes, if they gave out licenses for making analogies, mine would be revoked, I know. :-) -- Trevor Johnson http://jpj.net/~trevor/gpgkey.txt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message