Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Fri, 2012-10-12 at 16:52 -0400, Michael Gilbert wrote:
> On Fri, Oct 12, 2012 at 4:45 PM, Christoph Anton Mitterer wrote:
> > I wasn't talking about such an impossible task,... but there speaks
> > nothing against relatively easy things,... like securing all of our
> > package repository infrastructure by strong algos (as we already did)...
> > and trying to prevent higher level attacks, like downgrade attacks.

> Do you have evidence of any of those things?
Well as I said previously, in security one should usually not try to
only take measures against things one can identify as a problem right
now. Especially if there's no considerable disadvantage, then I see no
good reason for not using the strongest (in this specific example) hash
algorithms available.

Now the argument some people threw in, that debsums should stay at MD5
to already hint that it shouldn't be used for intrusion detection:
- It's much better than to clearly document that this shouldn't be used
in that way (which is already done)... and then use an algo that provides
a good trade off between speed and hash quality (MD5 might be just
- I still think that one may build up a system using debsums that is
as secure as what AIDE and friends do. At least I see no reason
speaking against.

> If so, please submit
> bugs, and we will look at fixing them.  Otherwise, speculation gets us
> nowhere and actually wastes time.
Well I had once a discussion (around March this year) here about
blocking/downgrade attacks... which, AFAICS, both are possible in secure
APT right now.... but there was no real outcome.
Unfortunately it seems that people do not take these higher-level attacks
really seriously.... even though the danger they pose is quite high.

