[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: concrete steps for improving apt downloading security and privacy

On Sun, Jul 13, 2014 at 5:04 AM, Jann Horn <jann@thejh.net> wrote:
> On Mon, Jul 07, 2014 at 08:09:14PM +0900, Joel Rees wrote:
>> But again, that's only half the story. When you send a kernel image
>> encrypted, they have the plaintext and the crypt, and the thing is
>> large and hard. This is the kind of data that can be used to
>> completely break an entire encryption algorithm.
>
> When you say "break an entire encryption algorithm", do you mean
> "find the key" or really "break the whole algorithm"?

Both, of course.

> If you mean "break the whole algorithm and gain the ability to
> convert ciphertexts to plaintexts no matter what key was used",
> please consider that they could just encrypt a lot of data with
> random keys themselves instead of collecting it from the internet.
>
> If you mean "find the key": So what? You're talking about session
> keys used in the TLS connection, right? Even if there was the kind
> of attack you're thinking about, it would only allow an attacker to
> gain access to the connection that he would be able to MITM anyway
> without the TLS layer.

What are the encryption methods that underlie the current
implementations of TLS?

What were the previous methods?

Why did they have to be changed? What did the research that induced
the change use in getting the results they got?

Have the researchers given up?

No? What kinds of data do they use?

Note that we still don't have a publicly known general attack against
MD5 encryption for arbitrary plaintexts.

MD5 has been broken for a small number of applications. Its status is
questionable for the rest, but if we want to help break it completely,
let's get all the distros that insist on still using MD5 to use it,
not just for signing, but for encrypting their distribution images.

I'm not talking about suddenly facing the end of the world as we know
it tomorrow. I'm talking about choosing to push the time when we have
to shift encryption methods again a few years forward by casually
providing more data for research.

-- 
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.
Reply to: