
Re: Warning Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System



Hi,

Nicolas George wrote:
> > You are changing the terms of the problem at each message,

Only as far as use cases for Debian ISO image hashes are concerned.
No hash collisions among all Debian ISOs (or better all ISOs in the
world) is a valuable property.


I wrote:
> > > I could imagine that PGP is easier to surpass than that.

> > It is not a matter of surpassing anything.

There is no use in converting the frontside of the house into
a fortress while having a backdoor made of cardboard.

If the SHA512SUMS.sign file can be hacked, then the SHA512 sums
are not trustworthy any more.
So the strength of PGP relative to the strength of the used
combined checksums does matter.

But as said previously, the biggest danger is in evil package sources.
MD5 is much less prone than are us upstreamers.
(What shall I do if the Bundesnachrichtendienst rings my doorbell,
has the Verfassungsschutz in tow, plus a bailiff and two police
officers, while an armed drone is cycling over my house?)


David Wright wrote:
> But it's raised an issue that interests me...
> ...
> (I've rolled my own implementation of fdupes (which uses MD5) in python.)

As long as no intentional covert manipulations are to fear, MD5
will suffice for any reasonable degree of certainty.
(Unless you regularly prepare for the asteroid impact and thus
 can be considered as sufficiently paranoid.)

On my machines of the last 10 years, MD5 computation was always
faster than hard disk reading. So a faster algorithm for my
backup checksums would not speed up the backup preparations.

As for CRC, a skilled choice of two different divisor
polynomials is supposed to yield two independent 32 bit sums.
(The polynomials should at least not be multiples of each other.)
  https://en.wikipedia.org/wiki/Polynomial_representations_of_cyclic_redundancy_checks
I'd expect that those would be computed faster than MD5, if
you use a table based implementation.
64 bits with targeted comparison and 32 bits with search over
a larger set should suffice for many purposes.


Have a nice day :)

Thomas
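
The two-polynomial CRC idea from the message above, as an added example that is not part of the original post: a table-based CRC-32 run with two different divisor polynomials and combined into one 64-bit value. The choice of the IEEE and Castagnoli polynomials, the function names and the sample data are assumptions made for this illustration.

```python
# Added example: table-driven CRC-32 with two different divisor polynomials.
# Reflected (LSB-first) forms of two standard CRC-32 polynomials (assumed choice).
POLY_IEEE = 0xEDB88320        # CRC-32 as used by zlib and Ethernet
POLY_CASTAGNOLI = 0x82F63B78  # CRC-32C as used by iSCSI


def make_table(poly):
    """Precompute the CRC remainder of every byte value for this polynomial."""
    table = []
    for byte in range(256):
        crc = byte
        for _ in range(8):
            crc = (crc >> 1) ^ poly if crc & 1 else crc >> 1
        table.append(crc)
    return table


TABLE_IEEE = make_table(POLY_IEEE)
TABLE_CASTAGNOLI = make_table(POLY_CASTAGNOLI)


def crc32_update(table, crc, data):
    """Feed data into a running CRC (start with crc=0; init and final XOR are all ones)."""
    crc ^= 0xFFFFFFFF
    for b in data:
        crc = (crc >> 8) ^ table[(crc ^ b) & 0xFF]
    return crc ^ 0xFFFFFFFF


def dual_crc64(chunks):
    """Read the data once; return CRC-32 in the high half, CRC-32C in the low half."""
    a = b = 0
    for chunk in chunks:
        a = crc32_update(TABLE_IEEE, a, chunk)
        b = crc32_update(TABLE_CASTAGNOLI, b, chunk)
    return (a << 32) | b


def group_duplicates(files):
    """Group names by 64-bit sum; a byte-for-byte compare should confirm each group."""
    groups = {}
    for name, data in files.items():
        groups.setdefault(dual_crc64([data]), []).append(name)
    return [sorted(names) for names in groups.values() if len(names) > 1]


# Constructed sample data: two identical blobs and one with a changed last byte.
BASE = b"constructed sample image " * 64
SAMPLES = {"a.img": BASE, "b.img": BASE, "c.img": BASE[:-1] + b"!"}
```

Both sums are linear functions of the input, so the combined value only guards against accidental differences, which is the condition the message sets for MD5 as well; it offers nothing against intentional manipulation.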

