Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Thu, Oct 18, 2012 at 9:19 PM, Christoph Anton Mitterer wrote:
> 2) downgrade attacks
> These have the same idea as blocking attacks (prevent the user from
> getting updates) but are a bit smarter.
> You don't simply block any update requests, but rather you send the user
> old repository data. These are correctly signed by Debian... just...
> they are old and do not yet know about the updates.
> The only way of preventing this was, if apt/aptitude would utterly bail
> out/print error messages/give non-zero exit statuses if the repo-data
> they are working on are older than <some well thought time interval>
> (typically that would be something around the mirror update interval).
> Of course the time of a Release file would have to be signed ;)

The release files *are* signed.  Try using snapshot.debian.org (older
than 2 weeks I think) as an apt source.  It will fail loudly that the
release file is expired.

This is a whole lot of speculation about things that are already
handled.  Please think about how you could demonstrate to yourself
before pressing it on the rest of the world.

Best wishes,
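
The expiry check discussed in this exchange, as an added example (not part of the original message and not apt's own code). It assumes the Release file's signature has already been verified and that the file carries the standard `Date` and `Valid-Until` fields; the function names, the `max_age` parameter and the sample data are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: top of a Release file (all values are made up).
SAMPLE_RELEASE = """\
Origin: Debian
Suite: stable
Date: Sat, 06 Oct 2012 10:00:00 UTC
Valid-Until: Sat, 13 Oct 2012 10:00:00 UTC
MD5Sum:
 00000000000000000000000000000000 1234 main/binary-amd64/Packages
"""

def release_fields(text):
    """Return top-level 'Key: value' fields, skipping checksum list lines."""
    fields = {}
    for line in text.splitlines():
        if line[:1] in (" ", "\t") or ":" not in line:
            continue  # per-file hash entries are indented continuation lines
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields

def _when(value):
    dt = parsedate_to_datetime(value)
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def check_freshness(text, now, max_age=None):
    """Return (ok, reason) for already signature-verified Release text."""
    f = release_fields(text)
    if "Date" not in f:
        return False, "no Date field"
    deadlines = []
    if "Valid-Until" in f:
        deadlines.append(_when(f["Valid-Until"]))   # limit set by the archive
    if max_age is not None:
        deadlines.append(_when(f["Date"]) + max_age)  # stricter local limit
    if not deadlines:
        # Policy of this example: without any deadline a replayed old file
        # cannot be told apart from a current one, so refuse it.
        return False, "no Valid-Until and no local max_age"
    deadline = min(deadlines)
    if now > deadline:
        return False, f"expired {now - deadline} ago"
    return True, f"valid until {deadline.isoformat()}"

if __name__ == "__main__":
    print(check_freshness(SAMPLE_RELEASE, datetime.now(timezone.utc)))
```

Because both fields sit inside the signed file, an attacker replaying old repository data cannot extend the deadline without invalidating the signature.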

