
doubt or possible improvement on apt



Hi,

today I've checked some stuff on apt-secure subject, and saw this:

https://wiki.debian.org/SecureApt#How_to_manually_check_for_package.27s_integrity

This wiki page doesn't talk about verifying the size of the file when
checking the integrity of the package. So I was curious whether or not
apt checks the file size during download/install.

I checked Release/Packages files and they contain the checksums and the
size for each file.
(I already saw you guys discussing this some time ago to avoid
hash-collision attacks, I just don't know where...)

Then I went to the apt source code, checking if it was verifying it
(someone on irc oftc #debian-security talked about checking it), and
reached this piece of code.

file: apt-private/private-install.cc

bool InstallPackages(CacheFile &Cache,bool ShwKept,bool Ask, bool Safety)
...
   if (DebBytes != Cache->DebSize())
   {
      c0out << DebBytes << ',' << Cache->DebSize() << std::endl;
      c0out << _("How odd... The sizes didn't match, email apt@packages.debian.org") << std::endl;
   }

What the other guy said when I showed this to him was that it is only a
warning (but it uses some special ostream c0out...), and if the file
size is different something "wrong" happened to the download, and if the
checksum matches but the file size is different "a lot of wrong" happened
(hash collision).

Also this verification (file size) should be applied to apt-update for
all files except the Release file, which is signed (it also cannot be
safely compared against anything else).

I was checking ftparchive/cachedb.cc for the size match comparison but
lost myself in the process...

I was looking for it in the source code but this is a big and complex
piece of software! Maybe you guys can see quickly whether you're doing it or not.

I would really like to hear from you, by email, chat... if there is anything
I can help with, I'm available to do it.


Cheers to all,
and thanks for your attention
HT



## Some thoughts on integrity verification (not directly related to this) ##

Another solution against this kind of collision attack could be
using two different hashing algorithms (sha1 and md5 for instance), and
they both must verify. I think it is very difficult to create a "perfect
collision" on a file for both algorithms. But I may be wrong, I have to
check some hashing algorithm stuff, but it looks like it in the following
links.

http://m.metamorphosite.com/one-way-hash-encryption-sha1-data-software
http://www.herongyang.com/Cryptography/MD5-Message-Digest-Algorithm-Overview.html
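As an added illustration (not part of HT's message and not apt's own code), here is a small Python checker for the policy the message argues for: a file fetched from a mirror is compared against the index stanza's Size field as well as against its digests, and a size mismatch is reported as a failure in its own right rather than as a warning. The field names Size, MD5sum and SHA256 are the ones used in Debian Packages/Release indexes; the stanza and the "package" bytes are constructed here for the demonstration and the `verify_download` / `check` helpers are this example's own, not an apt API. The last case in the demo simulates the situation the message describes, where the hashes match but the recorded size does not, by editing the Size field of the index.

```python
import hashlib

# Constructed sample ".deb" payload standing in for a downloaded package (not a real archive).
GOOD_DEB = b"!<arch>\ndebian-binary   constructed\n"

# Field names follow the Debian Packages/Release index format (Size, MD5sum, SHA256);
# the stanza itself is generated from the sample bytes, not copied from any mirror.
def build_stanza(filename: str, data: bytes) -> str:
    """Produce the index fields an archive publishes for one file: size plus two digests."""
    return (
        f"Filename: {filename}\n"
        f"Size: {len(data)}\n"
        f"MD5sum: {hashlib.md5(data).hexdigest()}\n"
        f"SHA256: {hashlib.sha256(data).hexdigest()}\n"
    )

def parse_stanza(text: str) -> dict:
    """Parse simple 'Key: value' lines of one stanza (multi-line fields are not handled here)."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed index line: {line!r}")
        fields[key.strip()] = value.strip()
    return fields

# Index fields to check, paired with the hashlib algorithm name behind each.
HASH_FIELDS = (("MD5sum", "md5"), ("SHA256", "sha256"))

def verify_download(fields: dict, data: bytes) -> list:
    """Return a list of problems; an empty list means the size and every listed digest match.

    The size is compared first and reported as a failure of its own (not a warning):
    matching digests never excuse a length that differs from what the signed index says.
    """
    problems = []
    expected_size = int(fields["Size"])
    if len(data) != expected_size:
        problems.append(f"size mismatch: expected {expected_size}, got {len(data)}")
    for field, algo in HASH_FIELDS:
        if field not in fields:
            continue
        if hashlib.new(algo, data).hexdigest() != fields[field].lower():
            problems.append(f"{field} mismatch")
    return problems

def check(stanza_text: str, data: bytes) -> list:
    """Convenience wrapper: parse the stanza, then verify the bytes against it."""
    return verify_download(parse_stanza(stanza_text), data)

if __name__ == "__main__":
    stanza = build_stanza("pool/main/e/example/example_1.0-1_amd64.deb", GOOD_DEB)
    print("intact download:    ", check(stanza, GOOD_DEB) or "ok")
    print("truncated download: ", check(stanza, GOOD_DEB[:-4]))
    flipped = GOOD_DEB[:-1] + bytes([GOOD_DEB[-1] ^ 0x01])  # same length, one bit changed
    print("same-size tamper:   ", check(stanza, flipped))
    # Simulated "hashes match but size differs" case: the index claims a different length.
    edited = parse_stanza(stanza)
    edited["Size"] = str(len(GOOD_DEB) + 1)
    print("size-only mismatch: ", verify_download(edited, GOOD_DEB))
```

The checker deliberately keeps going after the first problem so that a log line shows every field that disagreed; in a real downloader the right reaction to any non-empty result is to discard the file and refetch, never to install it.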


