In <4D3C66A0.email@example.com>, AK wrote:
>3) Regarding policies, I think that unfortunately Debian has a bad
>record (cough, cough, openSSL PRNG circa 2008)

The patch file that introduced that security issue can be broken into two
parts that don't overlap: (a) the part that fixed the "policy violation" and
(b) the part that undermined the security.

Initially, part (a) was written based on a recommendation from an automated
tool. Then a similar block of code was found that hadn't been reported using
the automated tool. The code looked so similar, someone thought that the same
changes should be applied there. Those copied changes are part (b), and deeper
analysis indicated that part (b) was not only not needed (the automated tool
was correct not to report an issue) but was actively undermining security.

Slavish adherence to policy was not the problem. Bad policy was not the
problem. A human mistake was made and it became a long-standing problem.

>> The instructions here are quite problematic. First of all, they advise the
>> use of md5 which has been broken
>> <http://en.wikipedia.org/wiki/MD5#Security>. It occurs to me that
>> changing this documentation to use another hash would be trivial. If
>> security advice from debian suggests the use of md5, it also makes me
>> wonder where else in the debian operating or package system md5 still
>> gets used. It doesn't make me feel safe if an operating system does not
>> have a policy to replace all occurrences of a certain cryptographic
>> function after it has been broken. What is the position of the debian
>> development/security team on this?

Salted MD5 is not broken, and it is currently used for password hashing.

I don't recommend using MD5 to verify the CD images, since there are some
pretty nasty chosen prefix collision attacks. But, SHA-1 and SHA-2 family of
hashes are also available. MD5 verification of a CD image is still better
than nothing, at least for now.

>> In conclusion of this, the highest level of security with which I and many
>> others can obtain debian *in practice* is plain http.

I disagree with that assertion.
-- 
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
firstname.lastname@example.org          ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/
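
Checking a downloaded image against a SHA-2 checksum rather than MD5, as an added example that is not part of the original message: it parses checksum lines in the format `sha256sum` writes, picks the hash by digest length, and hashes the file in chunks. The file name `example.iso` and the image bytes are constructed, and accepting only SHA-1 and SHA-2 digests is a choice of this example.

```python
import hashlib
import os
import string
import tempfile

# Hex digest length -> hashlib name, SHA-1 and SHA-2 only (a choice of this example).
ALGO_BY_HEXLEN = {40: "sha1", 56: "sha224", 64: "sha256", 96: "sha384", 128: "sha512"}

def parse_sums(text):
    """Parse checksum lines of the form '<hex>  <name>' or '<hex> *<name>'."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name[1:]  # drop the text/binary mode marker (' ' or '*')
        if len(digest) not in ALGO_BY_HEXLEN or set(digest) - set(string.hexdigits):
            raise ValueError(f"unsupported or malformed digest for {name!r}")
        entries[name] = digest.lower()
    return entries

def file_digest(path, algo, chunk=1 << 20):
    """Hash in chunks so a multi-gigabyte image is never held in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_image(path, sums_text):
    """True only if the file is listed and its digest matches the listed value."""
    expected = parse_sums(sums_text).get(os.path.basename(path))
    if expected is None:
        return False  # an unlisted file counts as a failure, not a pass
    return file_digest(path, ALGO_BY_HEXLEN[len(expected)]) == expected

def demo():
    """Constructed sample: a small stand-in image and a matching checksum line."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example.iso")
        with open(path, "wb") as f:
            f.write(b"constructed image bytes\n" * 1000)
        sums = f"{file_digest(path, 'sha256')}  example.iso\n"
        before = verify_image(path, sums)
        with open(path, "ab") as f:
            f.write(b"x")  # a single appended byte must fail verification
        return before, verify_image(path, sums)

if __name__ == "__main__":
    print(demo())
```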