
Re: md5sums files



On Wed, Mar 03, 2010 at 03:17:52PM +1100, Erik de Castro Lopo wrote:
> Russ Allbery wrote:
> 
> > Wouter Verhelst <wouter@debian.org> writes:
> > 
> > > Or is it useful to be able to say "if it doesn't check out, it's
> > > certainly corrupt, and if it does check out, it may be corrupt"? Didn't
> > > think so.
> > 
> > I don't understand why you say this.  Cryptographic attacks on MD5 aren't
> > going to happen as a result of random file corruption.  The MD5 checksums
> > are still very effective at finding file corruption or modification from
> > what's in the Debian package unless that modification was done by a
> > sophisticated attacker (MD5 preimage attacks are still not exactly easy).
> > Detecting compromises is useful, but only a small part of what the MD5
> > checksums are useful for.
> 
> If the machine has been compromised, *nothing* on the machine can be
> trusted, whether it's gpg signed or not. However, for detecting corruptions
> and the local sysadmin meddling Russ mentioned, md5sum is more than adequate

Sure, I'm not contesting that.

> and using something 'more secure' than md5sum is overkill.

This is where I disagree. When a checksum algorithm is compromised (and
MD5 *is* compromised), things only ever get worse, not better. Indeed,
MD5 preimage attacks are pretty hard *today*. But switching to something
more secure in preparation for the day when MD5 will be easily cracked
by every script kiddo around is *not* overkill.

-- 
The biometric identification system at the gates of the CIA headquarters
works because there's a guard with a large gun making sure no one is
trying to fool the system.
  http://www.schneier.com/blog/archives/2009/01/biometrics.html
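The point argued above (a digest manifest catches corruption and local edits, and the manifest layout itself does not care which digest is used) as an added example that is not code from this thread or from dpkg: a small verifier for the two-space `<hex digest>  <relative path>` layout with a pluggable hashlib algorithm. The package tree, file contents and the `demo` function are constructed for illustration.

```python
import hashlib
import os
import tempfile

def parse_manifest(text):
    """Parse dpkg-style '<hex digest>  <relative path>' lines into {path: digest}."""
    entries = {}
    for line in (l for l in text.splitlines() if l.strip()):
        digest, sep, path = line.partition("  ")
        if not sep or not path:
            raise ValueError("malformed manifest line: %r" % line)
        entries[path] = digest.lower()
    return entries

def file_digest(path, algorithm):
    """Hex digest of a file under any hashlib algorithm ('md5', 'sha256', ...)."""
    with open(path, "rb") as f:
        return hashlib.new(algorithm, f.read()).hexdigest()

def write_manifest(root, paths, algorithm):
    """Record digests in the dpkg layout, which is itself algorithm-agnostic."""
    return "".join("%s  %s\n" % (file_digest(os.path.join(root, p), algorithm), p)
                   for p in paths)

def verify_manifest(manifest_text, root, algorithm):
    """Map each path to 'ok', 'mismatch' or 'missing' (mismatch proves a change;
    'ok' only says the chosen digest cannot tell the file from the original)."""
    results = {}
    for path, expected in parse_manifest(manifest_text).items():
        full = os.path.join(root, path)
        if not os.path.isfile(full):
            results[path] = "missing"
        else:
            results[path] = "ok" if file_digest(full, algorithm) == expected else "mismatch"
    return results

def demo():
    """Constructed tree: md5 and sha256 manifests, one post-install edit, verify with both."""
    root = tempfile.mkdtemp()
    paths = ["usr/bin/tool", "etc/tool.conf"]
    for p in paths:
        os.makedirs(os.path.dirname(os.path.join(root, p)), exist_ok=True)
        with open(os.path.join(root, p), "wb") as f:
            f.write(b"constructed content of " + p.encode())
    md5_manifest = write_manifest(root, paths, "md5")
    sha_manifest = write_manifest(root, paths, "sha256")
    with open(os.path.join(root, "etc/tool.conf"), "ab") as f:
        f.write(b"# edited by the local admin\n")
    return verify_manifest(md5_manifest, root, "md5"), verify_manifest(sha_manifest, root, "sha256")
```

Swapping `"md5"` for `"sha256"` changes nothing but the digest column, which is why the author's suggested migration is cheap for the file format even if the tooling has to follow.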
