Am Sonntag, 23. Januar 2011, um 20:52:44 schrieb AK: > Regarding the MD5 sum example and certain released PoCs: producing two > "random" files with identical MD5 sums is one thing, introducing a > meaningful backdoor (which means deterministic change) or ten in a > Debian iso and generating an iso file which is similar in size to the > original one and has an identical MD5 sum might be a tad more > computationally difficult (this is my estimation), especially for > something as short-lived as a Linux CD image. With control over a single Debian package (read: when a Debian developer is in on the attack), it could be easily done including plausible deniability for the involved developer: 1. Place a random (but large enough) binary blob into a binary installed by a package. The binary blob in the Debian package as uploaded to the archive is competely harmless and may just look odd (if it was detected, that is). 2. Create a second binary blob with a collision (but with harmful content). This is fairly easy to do if the two blobs are similar save for a small, known-to-collide part. 3. Wait for the uploaded package to appear in an ISO and the MD5 sums to be created 4. Replace the binary blob, the MD5 sum still matches. 5. Give somebody the changed ISO.... So yes, MD5 should no longer be recommended. best regards, Rene
Attachment:
signature.asc
Description: This is a digitally signed message part.