[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5 hashes used in security announcements

On Fri, Oct 24, 2008 at 03:12:20PM -0500, Raphael Geissert wrote:
> Bas Steendijk wrote:
> > 
> > 2 files with a colliding hash can only be made by someone who can
> > influence the creation of the file (thus, someone inside debian). he can
> > make a "good" and a "bad" version of a package with the same MD5, and
> > the same size. for someone to make a file with the same hash without
> > influence in the creation of the original file would be a preimage attack.
> Yeah, but remember that the "bad" version must also be a valid .deb file with
> something inside that does work; otherwise you may just be able to get some
> random stuff with the same file size and md5 sum but without any use.

Additionally, it doesn't matter -- it's just the md5 in the email
announcement.  The Release and Packages files for the archive have SHA1
and SHA256.  The md5 from the announcement is almost not important,
IMO -- no one should download files individually from the announcement.

Kees Cook                                            @outflux.net

Reply to: