Re: dpkg-sig support wanted?
On Saturday 26 November 2005 01:13, Anthony Towns wrote:
> On Fri, Nov 25, 2005 at 07:59:40PM +0100, Florian Weimer wrote:
> > * Anthony Towns:
> > > (I'm amazed the security "crisis" we're having is about deb sigs
> > > *again*, when we're still relying on md5sum which has a public exploit
> > > available now...)
> > These exploits are irrelevant as far as the Debian archive is
> > concerned. (And that's not because hardly any sarge user verifies the
> > MD5 hashes, by the way. 8-)
> Uh. You're seriously putting your reputation on that claim?
> And md5 hashes have been verified since either slink or potato depending
> on when you started using apt; possibly earlier if dselect methods used
> them like they should have. debootstrap certainly verified them for
> woody. And heck, they've been used in .changes since day 0.
> > Moving away from MD5 is certainly not a bad idea, but it's not clear
> > whether the alternatives are any better. Sure, everyone recommends
> > SHA-256 at this stage, but nobody can give a rationale.
> MD5 is broken; SHA-1 is where MD5 was a couple of years ago, SHA256 (or
> higher) are significantly harder to break in practice, and there's
> nothing better yet.
Even using weak hash sum algorythms you can easily make the hash collider life
tremendously difficult by simply having more than one (ok two should be
enough) hash sums generated with _different_ (weak?) algorythms on the same
entity. Searching for parallel meaningful collisions is despairing job. For
example the Release file stores two hash sums for the same entities.
pub 4096R/0E4BD0AB 2003-03-18 <people.fccf.net/danchev/key pgp.mit.edu>
fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB