
Re: Debsums fun



Martin Ågren wrote:
2008/10/27 Mark Allums <mark@allums.com>:
On 2008-10-27 08:24 +0100, David Baron wrote:

The newest debsums from Sid can do a daily check for md5 disagreement.
Useful for security?
[...]
MD5s are not useful for security purposes any more.  They are too easy to
duplicate with a malicious file.  There are demonstrations of this out
there, one guy produced two different valid PDFs with the same MD5.

To be fair, it is easier to produce two files having the same checksum
than creating a second file having a fixed checksum. But sure, MD5
should be considered broken.

And as Sven pointed out, if the checksums are stored on the same
machine, the fact that things seem to verify could be because the
attacker has replaced the checksum. This scheme is broken for any hash
function, not only MD5 and others that are broken. The same argument
could be applied to any "solution" using the possibly-tampered-with
machine to verify itself. How can you possibly trust the result of
such an operation?

Take care,
Martin


Yeah. All true. SHA-512 will last a while, maybe, though. As long as you aren't already compromised. If you are, the game is already over.

Mark A.
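The two points the thread makes (a stronger hash does not help if the checksum list lives on the host being checked, and an attacker who can replace a file can just as easily replace its recorded checksum) are shown below in an added example that is not part of the thread and is not debsums code. It builds a SHA-512 manifest of a constructed directory tree, lets a simulated attacker replace a file and regenerate the on-host manifest, and then compares three verification strategies: the on-host manifest, a copy of the manifest kept off the host, and an HMAC seal computed with a key that never lives on the host. File names, the tampered content, and the seal format are assumptions for illustration.

```python
"""Added example: on-host vs. off-host integrity baselines.

Not from the thread and not debsums' own code. Demonstrates that an
attacker who rewrites both a file and the local checksum list defeats
on-host verification regardless of hash algorithm, while a baseline (or
a keyed seal) that the attacker cannot reach still catches the change.
"""
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algo="sha512"):
    """Hex digest of a file, streamed in 64 KiB chunks (algo is any hashlib name)."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, algo="sha512"):
    """Map relative path -> digest for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = file_digest(full, algo)
    return manifest


def verify(root, manifest, algo="sha512"):
    """Return the relative paths whose current digest differs from the manifest
    (missing files count as changed)."""
    changed = []
    for rel, recorded in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.exists(full) or file_digest(full, algo) != recorded:
            changed.append(rel)
    return changed


def seal_manifest(manifest, key):
    """HMAC-SHA512 over a canonical rendering of the manifest. The key is assumed
    to be held off the host (e.g. on the admin's workstation), so an attacker on
    the host cannot produce a valid seal for a rewritten manifest."""
    canonical = "\n".join(f"{digest}  {path}" for path, digest in sorted(manifest.items()))
    return hmac.new(key, canonical.encode(), "sha512").hexdigest()


def simulate():
    """Run the scenario on a constructed tree and report what each check sees."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample "installed files" (assumed names and contents).
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"\x7fELF original ls binary (constructed)\n")
        with open(os.path.join(root, "etc", "motd"), "wb") as f:
            f.write(b"Welcome\n")

        # Baseline taken while the host is still trusted.
        baseline = build_manifest(root)
        offhost_copy = dict(baseline)  # copy kept somewhere the host cannot write
        key = os.urandom(32)           # seal key, never stored on the host
        seal = seal_manifest(baseline, key)

        # Attacker with write access replaces a binary AND rebuilds the local
        # manifest so the on-host check agrees with the new content.
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"#!/bin/sh\n# trojaned ls (constructed)\n")
        local_manifest = build_manifest(root)

        return {
            # On-host list was rewritten too, so nothing is reported.
            "local_check": verify(root, local_manifest),
            # Off-host copy still holds the original digest of bin/ls.
            "offhost_check": verify(root, offhost_copy),
            # Attacker cannot re-seal without the key, so the seal no longer matches.
            "seal_ok": hmac.compare_digest(seal_manifest(local_manifest, key), seal),
        }


if __name__ == "__main__":
    for name, result in simulate().items():
        print(f"{name}: {result}")
```

The algorithm is a parameter so the same code can be run with `md5` to see that the outcome is identical: the on-host check is defeated by rewriting the list, not by forging a collision. Note the caveat the thread already raises: if the attacker has root, the verifier binary, the Python interpreter and the kernel reading the files are all suspect too, so even an off-host manifest or a seal key only helps when the check runs from media the attacker could not touch (a rescue boot, a read-only image, or another machine reading the disk).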
