Re: md5sums files
Erik de Castro Lopo <firstname.lastname@example.org> writes:
> Russ Allbery wrote:
>> Wouter Verhelst <email@example.com> writes:
>> > Or is it useful to be able to say "if it doesn't check out, it's
>> > certainly corrupt, and if it does check out, it may be corrupt"? Didn't
>> > think so.
>> I don't understand why you say this. Cryptographic attacks on MD5 aren't
>> going to happen as a result of random file corruption. The MD5 checksums
>> are still very effective at finding file corruption or modification from
>> what's in the Debian package unless that modification was done by a
>> sophisticated attacker (MD5 preimage attacks are still not exactly easy).
>> Detecting compromises is useful, but only a small part of what the MD5
>> checksums are useful for.
> If the machine has been compromised, *nothing* on the machine can be
> trusted, whether it's gpg signed or not. However, for detecting corruptions
Surely you are wrong. While you cannot trust the gpg binary on the
compromised system, the signatures will still hold. You just need to boot
from a live CD and use a guaranteed clean gpg and keyring to verify them.
> and the local sysadmin meddling Russ mentioned, md5sum is more than adequate
> and using something 'more secure' than md5sum is overkill.
Due to the lack of a signature on the md5sum file, the file cannot be
trusted for security purposes at all. And for detecting unintentional
changes md5sum is plenty strong enough.
But imagine the file were signed or a signature could be obtained
through a safe channel. Then the file could be used for a security audit
as well, and something stronger would be beneficial. A simple way would
be to create a shasum file (instead of md5) and to include a hash of said
file in Packages.gz.
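The chain proposed above, as an added example that is not part of the original message and not Debian's own tooling: a sha256sum-style manifest is written for a package's files, the digest of that manifest is what a signed index would carry, and verification first checks the manifest against that trusted digest and only then checks each file against the manifest. The gpg signature on Packages.gz is stood in for by a digest value passed in as already trusted (the assumption being that it came from a signed index verified with a clean gpg). File names and contents are constructed for the demo; the `demo()` function walks through the clean case, a tampered binary, and a rewritten manifest, and also shows what an unsigned manifest (today's md5sums) detects in the last case.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hex SHA-256 of a file, read in chunks so large packages don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_sums_file(pkg_root, rel_paths, sums_path):
    """Write a sha256sum(1)-style manifest ('<hex>  <relative path>' per line).
    Returns the digest of the manifest itself, i.e. the value that the
    proposal would place in the signed Packages.gz / Release chain."""
    lines = [f"{sha256_file(os.path.join(pkg_root, rel))}  {rel}" for rel in sorted(rel_paths)]
    with open(sums_path, "w") as f:
        f.write("\n".join(lines) + "\n")
    return sha256_file(sums_path)


def parse_sums_file(sums_path):
    """Parse the manifest back into {relative path: hex digest}."""
    entries = {}
    with open(sums_path) as f:
        for line in f:
            line = line.rstrip("\n")
            if not line:
                continue
            digest, _, rel = line.partition("  ")
            entries[rel] = digest
    return entries


def verify(pkg_root, sums_path, trusted_sums_digest):
    """Two-level check: the manifest against the digest carried in the signed index,
    then every listed file against the manifest. Returns (ok, list of problems)."""
    if sha256_file(sums_path) != trusted_sums_digest:
        # A manifest that does not match the signed index proves nothing about the files.
        return False, ["sums file does not match signed index"]
    problems = []
    for rel, expected in parse_sums_file(sums_path).items():
        full = os.path.join(pkg_root, rel)
        if not os.path.exists(full):
            problems.append(f"missing: {rel}")
        elif sha256_file(full) != expected:
            problems.append(f"modified: {rel}")
    return not problems, problems


def demo():
    """Constructed scenario (hypothetical files, not a real package)."""
    with tempfile.TemporaryDirectory() as root:
        files = {"usr/bin/tool": b"#!/bin/sh\necho ok\n", "etc/tool.conf": b"level=1\n"}
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        sums = os.path.join(root, "SHA256SUMS")
        # Digest of the manifest as it would appear in the signed index.
        trusted = write_sums_file(root, files.keys(), sums)

        results = {"clean": verify(root, sums, trusted)}
        # Attacker (or meddling admin) modifies a binary but leaves the manifest alone.
        with open(os.path.join(root, "usr/bin/tool"), "ab") as f:
            f.write(b"echo pwned\n")
        results["file_tampered"] = verify(root, sums, trusted)
        # Attacker then rewrites the manifest to match; the signed index still
        # carries the old manifest digest, so the rewrite is caught at level one.
        write_sums_file(root, files.keys(), sums)
        results["sums_rewritten"] = verify(root, sums, trusted)
        # Without a signed digest (today's unsigned md5sums), the only available
        # reference is the on-disk manifest itself, and the rewritten one passes.
        results["unsigned_only"] = verify(root, sums, sha256_file(sums))
        return results


if __name__ == "__main__":
    for name, (ok, problems) in demo().items():
        print(f"{name}: {'OK' if ok else 'FAIL'} {problems}")
```

The point of the last two cases is the one the message makes: the manifest alone catches accidental corruption and casual modification, but only a digest of the manifest anchored in something signed lets the manifest itself be trusted for an audit.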