Hi, today I've checked some stuff on the apt-secure subject, and saw this: https://wiki.debian.org/SecureApt#How_to_manually_check_for_package.27s_integrity

This post of the wiki didn't talk about verifying the size of the file when checking the integrity of the package. So I was curious whether apt checked the file size during download/install or not. I checked the Release/Packages files and they contain the checksums and the size for each file. (I already saw you guys discussing this some time ago to avoid hash-collision attacks, I just don't know where...)

Then I went to the apt source code, checking if it was verifying it (someone on irc oftc #debian-security talked about checking it), and reached this piece of code.

file: apt-private/private-install.cc

    bool InstallPackages(CacheFile &Cache,bool ShwKept,bool Ask, bool Safety)
    ...
       if (DebBytes != Cache->DebSize())
       {
          c0out << DebBytes << ',' << Cache->DebSize() << std::endl;
          c0out << _("How odd... The sizes didn't match, email apt@packages.debian.org") << std::endl;
       }

What the other guy said when I showed this to him was that it is only a warning (but it uses some special ostream c0out...), and that if the file size is different something "wrong" happened to the download, and if the checksum matches but the file size is different "a lot of wrong" happened (hash collision).

Also this verification (file size) should be applied to apt-update for all files except the Release file, which is signed (it also cannot be safely compared, against nothing else). I was checking ftparchive/cachedb.cc for the size-match comparison but lost myself in the process... I was looking for it in the source code, but this is a big and complex piece of software! Maybe you guys can see quickly whether you're doing it or not.

I would really like to hear from you, by email, chat... If there is anything I can help with, I'm available to do it.

Cheers to all, and thanks for your attention
HT

## Some thoughts on integrity verification (not directly related to this) ##

Some other solution against this kind of collision attack could be using two different hashing algorithms (sha1 and md5 for instance), and they both must verify. I think it is very difficult to create a "perfect collision" on a file for both algorithms. But I may be wrong, I have to check some hashing algorithm stuff, but it looks like it in the following links.

http://m.metamorphosite.com/one-way-hash-encryption-sha1-data-software
http://www.herongyang.com/Cryptography/MD5-Message-Digest-Algorithm-Overview.html
Attachment:
signature.asc
Description: OpenPGP digital signature
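The check the post is asking about, as an added example that is not part of the original mail and not apt's own code: parse a Packages-style stanza, then verify a downloaded file against both its Size field and every digest field present (MD5sum, SHA1, SHA256 are the field names real Packages indices use; the stanza, the payload and the build_stanza helper here are constructed locally for the demonstration, since an offline script has no archive to fetch from). A size mismatch is treated as a hard failure rather than a warning, and the case the post calls out, every digest matching while the length does not, gets its own status so it can be alerted on separately.

```python
import hashlib

# Digest fields a Debian Packages index may carry, mapped to hashlib names.
DIGEST_FIELDS = {"MD5sum": "md5", "SHA1": "sha1", "SHA256": "sha256"}

# Constructed stand-in for a downloaded .deb; not a real package.
SAMPLE_PAYLOAD = b"constructed stand-in for hello_1.0_amd64.deb\n" * 8


def build_stanza(filename: str, data: bytes) -> str:
    """Construct a Packages-style stanza for DATA (demo helper, not apt's code).

    A real index is produced by the archive and covered by the signed Release
    file; here we generate it locally only to have something to verify against.
    """
    package = filename.rsplit("/", 1)[-1].split("_")[0]
    lines = [f"Package: {package}",
             f"Filename: {filename}",
             f"Size: {len(data)}"]
    for field, algo in DIGEST_FIELDS.items():
        lines.append(f"{field}: {hashlib.new(algo, data).hexdigest()}")
    return "\n".join(lines) + "\n"


def parse_packages(text: str) -> dict:
    """Parse blank-line separated stanzas into {Filename: {field: value}}."""
    entries = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            # Continuation lines start with a space; skip them for this demo.
            if ":" in line and not line.startswith(" "):
                key, _, value = line.partition(":")
                fields[key.strip()] = value.strip()
        if "Filename" in fields:
            entries[fields["Filename"]] = fields
    return entries


def verify_download(entry: dict, data: bytes) -> str:
    """Check DATA against the Size and every digest field of ENTRY.

    Returns one of:
      "ok"                        size and all digests match
      "size-mismatch"             length differs (digests differ too)
      "hash-mismatch"             length matches but a digest does not
      "hash-match-size-mismatch"  every digest matches but the length does not,
                                  the case the mail singles out as most suspicious
      "no-digest"                 the entry carries no digest field at all
    """
    size_ok = int(entry["Size"]) == len(data)
    hashes_ok = True
    checked = 0
    for field, algo in DIGEST_FIELDS.items():
        if field in entry:
            checked += 1
            if hashlib.new(algo, data).hexdigest() != entry[field].lower():
                hashes_ok = False
    if checked == 0:
        return "no-digest"
    if size_ok and hashes_ok:
        return "ok"
    if hashes_ok:
        return "hash-match-size-mismatch"
    if size_ok:
        return "hash-mismatch"
    return "size-mismatch"


if __name__ == "__main__":
    name = "pool/main/h/hello/hello_1.0_amd64.deb"
    index = parse_packages(build_stanza(name, SAMPLE_PAYLOAD))
    print(verify_download(index[name], SAMPLE_PAYLOAD))        # ok
    print(verify_download(index[name], SAMPLE_PAYLOAD[:-1]))   # size-mismatch
```

The length comparison runs first in a real client because it is free (the byte count is known before any digest is computed) and independent of the hash algorithm, which is exactly what makes it useful as a cross-check; the script still computes every digest so that the combined status can distinguish an ordinary truncated download from the hash-matches-but-size-differs case.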