From: Matthew Seaman
To: Mike Tancsa
Cc: "Peter C. Lai", freebsd-security@freebsd.org
Date: Wed, 18 Aug 2004 21:35:44 +0100 (BST)
Subject: Re: Report of collision-generation with MD5
Message-ID: <20040818203544.GB4900@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <6.1.2.0.0.20040818141732.04a6e060@64.7.153.2>

On Wed, Aug 18, 2004 at 02:21:18PM -0400, Mike Tancsa wrote:
> At 01:58 PM 18/08/2004, Peter C. Lai wrote:
> >Well while collisions are cryptographically significant, they don't
> >necessarily impact any operational security of the hash. (Since the
> >collision merely means that there are possibly two inputs which will hash
> >to the same digest).
>
>
> As I have no crypto background to evaluate some of the (potentially wild
> and erroneous) claims being made in the popular press* (eg
> http://news.com.com/2100-1002_3-5313655.html see quote below), one thing
> that comes to mind is the safety of ports. If someone can pad an archive
> to come up with the same MD5 hash, this would challenge the security of the
> FreeBSD ports system, no?
>
> * "MD5's flaws that have been identified in the past few days mean that an
> attacker can generate one hash collision in a few hours on a standard PC.
> To write a specific back door and cloak it with the same hash collision may
> be much more time intensive."

At least the SHA-1 hash is still considered secure, and there's a whole
series of SHA-nnn functions beyond that. I believe SHA-1 is already used
implicitly by FreeBSD as the standard hash function used by gnupg(1) when
digitally signing security alerts.

Various SHA hashes are already given in a few ports distinfo files -- eg
sysutils/coreutils, net/fping, misc/less -- although there seems to be no
support in bsd.port.mk for checking anything other than MD5 as yet. I
can't see any justification for giving up on MD5 just yet, but should the
need eventually arise, switching the ports over to an alternative hashing
algorithm could be done relatively quickly.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
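The mail's point is that distinfo files were already starting to carry SHA digests while bsd.port.mk still checked only MD5. The following is an added example, not code from the FreeBSD ports tree or from the mail's author, of a checker that verifies a downloaded distfile against every digest listed for it and flags files that carry nothing stronger than MD5. It assumes the BSD-style "ALGO (file) = digest" line format for distinfo, and the set of algorithms treated as "strong" is a policy choice of this example; the sample distinfo and the six-byte distfile are constructed for the demonstration.

```python
"""Verify a distfile against every digest listed for it in a distinfo file.

Added example; not code from the FreeBSD ports tree or from the mail's
author. The "ALGO (file) = digest" line format and the STRONG policy set
below are assumptions of this example.
"""
import hashlib
import re

DISTINFO_LINE = re.compile(r"^(?P<algo>[A-Z0-9]+) \((?P<file>[^)]+)\) = (?P<value>\S+)$")

# Constructed sample distinfo. The example-1.0 digests are those of the
# six-byte payload b"hello\n"; legacy-0.9 carries only an MD5 line (of the
# empty file), mirroring a port whose distinfo predates SHA entries.
SAMPLE_DISTINFO = """\
MD5 (example-1.0.tar.gz) = b1946ac92492d2347c6235b4d2611184
SHA1 (example-1.0.tar.gz) = f572d396fae9206628714fb2ce00f72e94f2258f
SHA256 (example-1.0.tar.gz) = 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
SIZE (example-1.0.tar.gz) = 6
MD5 (legacy-0.9.tar.gz) = d41d8cd98f00b204e9800998ecf8427e
"""
SAMPLE_DISTFILE = b"hello\n"  # constructed distfile contents

# Digests this example accepts as collision-resistant enough to stand alone
# (policy assumption; MD5 and SHA1 are deliberately not in the set).
STRONG = {"SHA256", "SHA512"}


def parse_distinfo(text):
    """Return {filename: {ALGO: value}} from distinfo text.

    SIZE lines are kept alongside the digests with their decimal value as a
    string; blank lines and '#' comments are skipped; anything else is an
    error rather than something to silently ignore."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = DISTINFO_LINE.match(line)
        if not m:
            raise ValueError(f"distinfo line {lineno}: unparseable: {line!r}")
        entries.setdefault(m["file"], {})[m["algo"]] = m["value"].lower()
    return entries


def verify_distfile(filename, data, entries):
    """Check every entry listed for filename; all of them must match.

    Returns (ok, report). ok is False when the file has no entry, when any
    listed digest or SIZE mismatches, or when a listed algorithm cannot be
    computed here (an unverifiable digest is not treated as a pass).
    report["weak_only"] is True when none of the listed digests is in STRONG,
    i.e. the file is protected by MD5/SHA1 alone."""
    listed = entries.get(filename)
    report = {"checked": [], "mismatched": [], "unsupported": [], "weak_only": True}
    if not listed:
        return False, report
    for algo, expected in listed.items():
        if algo == "SIZE":
            actual = str(len(data))
        else:
            try:
                actual = hashlib.new(algo.lower(), data).hexdigest()
            except ValueError:  # hashlib does not know this algorithm
                report["unsupported"].append(algo)
                continue
        report["checked"].append(algo)
        if actual != expected:
            report["mismatched"].append(algo)
    report["weak_only"] = not (set(listed) & STRONG)
    ok = not report["mismatched"] and not report["unsupported"]
    return ok, report


if __name__ == "__main__":
    entries = parse_distinfo(SAMPLE_DISTINFO)
    for name, data in (("example-1.0.tar.gz", SAMPLE_DISTFILE),
                       ("legacy-0.9.tar.gz", b""),
                       ("example-1.0.tar.gz", b"hellO\n")):
        ok, rep = verify_distfile(name, data, entries)
        print(name, "OK" if ok else "FAIL", rep)
```

Run stand-alone it prints one line per check: the genuine example-1.0 passes with all four entries checked, legacy-0.9 passes but is reported as weak_only, and the one-byte modification of the payload fails on all three digests at once. The design point is that adding SHA lines to distinfo only helps if the checker verifies them; a checker that stops after a matching MD5 line gives no benefit from the stronger digests that are already present.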