
Re: some feedback about security from the user's point of view



On Monday, 24 January 2011, at 11:29:25, AK wrote:
> While the attack sequence presented is valid, in practice, given that
> there are a lot of "Debian based" distributions out there, wouldn't this
> be caught somewhere down the line?

I wouldn't count on it, unfortunately - I have been working on a security/firewall distribution based on Debian (Gibraltar firewall) since ca. 2000, and we just don't have the manpower to audit upstream Debian packages. We certainly didn't catch the openssl bug, and I don't think any of the other Debian-derived distributions did. It would be exceedingly easy to hide a small, known-to-be-colliding binary block in most of the Debian packages and call it with an obscure overflow-like bug in one of the binaries.

Therefore, I strongly suggest moving away from all uses of MD5 and using SHA-2 (>=256) instead (SHA1 already makes the crypto community nervous, and we will need to wait for SHA-3 to arrive at something that will hopefully hold for >10 years...).

best regards,
Rene
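
An added illustration of the recommendation in the message above (not part of the original post, and not code from Debian or Gibraltar): a Python check of a file against a Debian-style `Packages` stanza that accepts only SHA-256/SHA-512 and refuses stanzas carrying nothing stronger than MD5 or SHA-1. The package name, payload and stanza contents are constructed samples, and `parse_stanza` and `verify` are hypothetical helper names.

```python
import hashlib

# Digest fields of a Packages stanza, strongest first. MD5sum and SHA1 are
# recognised but never accepted as proof of integrity.
ACCEPTED = [("SHA512", "sha512"), ("SHA256", "sha256")]
WEAK = {"MD5sum", "SHA1"}

def parse_stanza(text):
    """Parse one RFC822-style control stanza into a dict (continuation lines joined)."""
    fields, key = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and key:
            fields[key] += "\n" + line.strip()
        elif ":" in line:
            key, value = line.split(":", 1)
            key = key.strip()
            fields[key] = value.strip()
    return fields

def verify(stanza_text, data):
    """Return (ok, reason) for data checked against the stanza's strongest digest."""
    fields = parse_stanza(stanza_text)
    if "Size" in fields and int(fields["Size"]) != len(data):
        return False, "size mismatch"
    for field, algo in ACCEPTED:
        if field in fields:
            ok = hashlib.new(algo, data).hexdigest() == fields[field].lower()
            return ok, f"{field} {'match' if ok else 'mismatch'}"
    weak = sorted(WEAK & fields.keys())
    if weak:
        return False, "only weak digests present: " + ", ".join(weak)
    return False, "no digest present"

# Constructed sample data: the MD5sum value is a placeholder, since it is never checked.
PAYLOAD = b"constructed sample package bytes\n"
HEADER = f"Package: example-pkg\nSize: {len(PAYLOAD)}\nMD5sum: {'0' * 32}\n"
STRONG = HEADER + f"SHA256: {hashlib.sha256(PAYLOAD).hexdigest()}\n"
LEGACY = HEADER  # stanza that offers MD5 only

if __name__ == "__main__":
    tampered = PAYLOAD.replace(b"sample", b"SAMPLE")  # same length, different content
    for name, stanza, data in [("intact", STRONG, PAYLOAD),
                               ("tampered", STRONG, tampered),
                               ("md5-only", LEGACY, PAYLOAD)]:
        print(name, verify(stanza, data))
```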
