Re: md5sums files
On Wed, Mar 03, 2010 at 03:17:52PM +1100, Erik de Castro Lopo wrote:
> Russ Allbery wrote:
> > Wouter Verhelst <email@example.com> writes:
> > > Or is it useful to be able to say "if it doesn't check out, it's
> > > certainly corrupt, and if it does check out, it may be corrupt"? Didn't
> > > think so.
> > I don't understand why you say this. Cryptographic attacks on MD5 aren't
> > going to happen as a result of random file corruption. The MD5 checksums
> > are still very effective at finding file corruption or modification from
> > what's in the Debian package unless that modification was done by a
> > sophisticated attacker (MD5 preimage attacks are still not exactly easy).
> > Detecting compromises is useful, but only a small part of what the MD5
> > checksums are useful for.
> If the machine has been compromised, *nothing* on the machine can be
> trusted, whether it's gpg signed or not. However, for detecting corruptions
> and the local sysadmin meddling Russ mentioned, md5sum is more than adequate
Sure, I'm not contesting that.
> and using something 'more secure' than md5sum is overkill.
This is where I disagree. When a checksum algorithm is compromised (and
MD5 *is* compromised), things only ever get worse, not better. Indeed,
MD5 preimage attacks are pretty hard *today*. But switching to something
more secure in preparation for the day when MD5 will be easily cracked
by every script kiddo around is *not* overkill.
The biometric identification system at the gates of the CIA headquarters
works because there's a guard with a large gun making sure no one is
trying to fool the system.
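A verifier for the two-column md5sums layout the thread is about, as an added example that is not part of this mailing-list exchange or of dpkg itself: it parses `<hexdigest>  <relative/path>` lines, reports each file as intact, corrupted or missing, and (an assumption for illustration) accepts sha256 digests in the same layout to show that the file format itself is not tied to MD5. File names and contents are constructed.

```python
import hashlib
import os
import tempfile

# Hex digest length -> hash constructor, so the same verifier reads a classic
# dpkg md5sums file or a sha256sums file written in the same two-column layout.
DIGEST_BY_HEXLEN = {32: hashlib.md5, 64: hashlib.sha256}

def parse_sums(text):
    """Parse '<hexdigest>  <relative/path>' lines (dpkg md5sums layout)."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split(None, 1)
            entries.append((digest.lower(), path.strip()))
    return entries

def verify_sums(root, sums_text):
    """Return {relative_path: 'ok' | 'mismatch' | 'missing'} per entry."""
    results = {}
    for digest, rel in parse_sums(sums_text):
        ctor = DIGEST_BY_HEXLEN[len(digest)]
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            results[rel] = "missing"
        else:
            with open(full, "rb") as f:
                actual = ctor(f.read()).hexdigest()
            results[rel] = "ok" if actual == digest else "mismatch"
    return results

def demo():
    """Constructed sample tree: one intact file, one bit-flipped, one deleted."""
    root = tempfile.mkdtemp()
    files = {"usr/share/doc/pkg/copyright": b"Copyright notice\n",
             "usr/bin/tool": b"#!/bin/sh\necho hello\n",
             "etc/pkg.conf": b"option = 1\n"}
    for rel, data in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    sums = "".join(f"{hashlib.md5(d).hexdigest()}  {r}\n" for r, d in files.items())
    # Simulate random corruption (one flipped bit in usr/bin/tool) and a missing file.
    with open(os.path.join(root, "usr/bin/tool"), "r+b") as f:
        f.seek(10)
        byte = f.read(1)
        f.seek(10)
        f.write(bytes([byte[0] ^ 1]))
    os.remove(os.path.join(root, "etc/pkg.conf"))
    return verify_sums(root, sums)
```

As the thread notes, this catches corruption and local edits but not an attacker who can rewrite both the files and the sums file; that requires the list to be checked against a copy held outside the machine.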