Re: Time to replace MD5?

[Michael Stone <mstone@debian.org>]

On Thu, Jun 14, 2007 at 11:37:33AM +0200, Steffen Schulz wrote:
> On 070614 at 00:00, Michael Stone wrote:
> > On Wed, Jun 13, 2007 at 11:14:15PM +0200, Steffen Schulz wrote:
> > >http://www.cits.rub.de/MD5Collisions/
> > >One example how to create two files with same hash that act
> > >differently. Should work with most active content.
> > Cool. So the security team can rig an executable that can be modified 
> > and still have the same md5.
>
> Point was: md5 collisions are a real-world problem.

If they are, you've failed to show it.

> > >With the above results, it would be possible to officially distribute
> > >nice behaving software but present specific targets with modified
> > >packages that do evil.
> > Yup. Or the security team could just plant a regular backdoor, [..]
>
> The critical bit was included in the sentence you removed:
> What hashes does apt-secure use?
>
> Judging from this documentation, md5 is used for apt-secure, too:
> http://people.debian.org/~walters/monk.debian.net/apt-secure/x35.html
>
> So every maintainer could distribute nice binaries and then inject
> malicious packets to certain targets.

Every maintainer can do that without dicking around with md5 collisions.

> > If you don't trust the security team, you probably shouldn't install 
> > security updates. 
>
> Sorry for being unclear,

If you don't trust the debian maintainers, you probably shouldn't 
install debian. Sorry for being unclear.

Mike Stone