Re: md5 hashes used in security announcements
On Fri, Oct 24, 2008 at 03:12:20PM -0500, Raphael Geissert wrote:
> Bas Steendijk wrote:
> > 2 files with a colliding hash can only be made by someone who can
> > influence the creation of the file (thus, someone inside debian). he can
> > make a "good" and a "bad" version of a package with the same MD5, and
> > the same size. for someone to make a file with the same hash without
> > influence in the creation of the original file would be a preimage attack.
> Yeah, but remember that the "bad" version must also be a valid .deb file with
> something inside that does work; otherwise you may just be able to get some
> random stuff with the same file size and md5 sum but without any use.
Additionally, it doesn't matter -- it's just the md5 in the email
announcement. The Release and Packages files for the archive have SHA1
and SHA256. The md5 from the announcement is almost not important,
IMO -- no one should download files individually from the announcement.
Kees Cook @outflux.net