[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: some feedback about security from the user's point of view

In <[🔎] 4D3C66A0.80903@gmail.com>, AK wrote:
>3) Regarding policies, I think that unfortunately Debian has a bad
>record (cough, cough, openSSL PRNG circa 2008)

The patch file that introduced that security issue can be broken into two 
parts that don't overlap: (a) the part that fixed the "policy violation" and 
(b) the part that undermined the security.

Initially, part (a) was written based on a recommendation from an automated 
tool.  Then a similar block of code was found that hadn't been reported using 
the automated tool.  The code looked so similar, someone thought that it the 
same changes should be applied there.  Those copied changes are part (b), and 
deeper analysis indicated that part (b) was not only not needed (the automated 
tool was correct not to report an issue) but was actively undermining 

Slavish adherence to policy was not the problem.  Bad policy was not the 
problem.  A human mistake was made and it because a long-standing problem.

>> The instructions here are quite problematic. First of all, they advise the
>> use of md5 which has been broken
>> <http://en.wikipedia.org/wiki/MD5#Security>. It occurs to me that
>> changing this documentation to use another hash would be trivial. If
>> security advice from debian suggests the use of md5, it also makes me
>> wonder where else in the debian operating or package system md5 still
>> gets used. It doesn't make me feel safe if an operating system does not
>> have a policy to replace all occurrences of a certain cryptographic
>> function after it has been broken. What is the position of the debian
>> development/security team on this?

Salted MD5 is not broken, and it is currently used for password hashing.

I don't recommend using MD5 to verify the CD images, since there are some 
pretty nasty chosen prefix collision attacks.  But, SHA-1 and SHA-2 family of 
hashes are also available.  MD5 verification of a CD image is still better 
than nothing, at least for now.

>> In conclusion of this, the highest level of security with which I and many
>> others can obtain debian *in practice* is plain http.

I disagree with that assertion.
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
bss@iguanasuicide.net                   ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: