[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: concrete steps for improving apt downloading security and privacy

On Sun, Jul 13, 2014 at 1:28 PM, Noah Meyerhans <noahm@debian.org> wrote:
> On Sun, Jul 13, 2014 at 08:35:56AM +0900, Joel Rees wrote:
>> MD5 has been broken for a small number of applications. Its status is
>> questionable for the rest, but if we want to help break it completely,
>> let's get all the distros that insist on still using MD5 to use it,
>> not just for signing, but for encrypting their distribution images.
>
> The point that you miss is that a chosen plaintext attack is not
> dependent on the secret key in use.

If I stand on my head does that make more sense?

Nope. Doesn't.

> It's an attack against the algorithm
> itself.

Looking at it sideways doesn't help, either.

> If we sign publically available data (be it Debian packages, CD
> images, or this email) with a given key, we really aren't giving our
> adversaries anything that they can't create for themselves.

Sure we are. We are providing them instances of a different experiment
set than any they are likely do generate themselves. Unless we use
keys generated by some algorithm they might use to generate data.

And we are also giving them the use of our servers.

> Keys are
> cheap to generate.

Keys that are cheap to generate should not be used on live data.

> If an adversary wants to perform chosen plaintext
> analysis, they can do so today with their own keys and with all the
> common public datasets they want.

And generating/managing their own data is a time cost. Moreover, if
they fail to use some arbitrary algorithm, their choice of key is
hit-and-miss, mostly miss. But if they use some algorithm, they are
subject to the problems of brute-forcing against a large attack
domain.

> Getting "all the distros that insist
> on still using MD5 to use it, not just for signing, but for encrypting
> their distribution images" won't change anything.

So, when you want to do a survey of most popular TV shows, you just
generate your own survey results and don't bother to define and canvas
an audience?

You do understand that the most effective attacks against the
algorithms are statistical in nature?

> (Not to mention that
> it shows a fundamental misunderstanding of what a digest algorithm like
> md5 actually is.)

You like to work backwards, trying to generate data from a hash, I suppose?

> noah

-- 
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.
Reply to: