---------- Forwarded message ----------
From:
Robert Tomsick <robert@tomsick.net>
Date: Mon, Jan 3, 2011 at 7:52 PM
Subject: Re: Fwd: Fwd: question regarding verification of a debian installation iso
To: Naja Melan <
najamelan@gmail.com>
On Mon, 2011-01-03 at 19:23 +0100, Naja Melan wrote:
> If the author of such instructions
> would be forced to justify say md5, I am quite confident that md5 would
> instantly be scrapped and replaced by better algorithm and we would
> instantly already have better and safer instructions.
Given the attacks on MD5, it's useful as a check against corruption but
basically useless against tampering. Implicitly suggesting otherwise
(such as by presenting MD5 hashes as an alternative to SHA/RIPEMD
hashes) is IMHO a rather bad idea, especially since the folks who need
instructions on its use are likely to be unaware of its flaws. Still,
this is a relatively minor issue since Debian also provides SHA-1 hashes
alongside the MD5 ones.
As far as the problem of trust, I really don't understand why HTTPS
isn't the default for the page(s) serving the checksums. Yes, there are
still a ton of ways that the sums could be altered (compromise of
project servers, CA coercion/negligence + MITM, shadowy cabals, etc.) --
but that doesn't mean that we shouldn't try to raise the bar for
attackers!
Naja makes a good point: right now the only requirement to compromise a
novice user's installation is to be able to conduct some form of MITM on
their connection. If they're not a GPG user and download a Debian ISO
over, say, a publicly-accessible wireless network or a sniffable LAN
they're basically screwed -- at that point they've got to bank on not
being worth attacking. Now it's true that that could be a pretty safe
bet (it is for me) -- but I don't think it's one that we should force
novice users to make.