#1 2004-08-21 16:17:53

Michel
Member
From: Belgium
Registered: 2004-07-31
Posts: 286

[suggestion] not using md5 anymore?

Heya,

A few days ago I read about it and now I encountered it again on linuxsecurity.
Here's a small story:

http://news.com.com/Crypto+researchers+ … 13655.html

I suppose it's hard to make an identical md5 and insert some code that does something dangerous. And maybe you even have to break into the server, but still ...

Maybe it's better to use sha-1 for seeing if a package was modified, or is there any reason not to use it?
Of course they tell sha-1 could be insecure as well .. but anyway it should be better than md5.

An even better step would be to sign the hashes of course ... and also take a hash of the PKGBUILD file since that one can also execute things, not? Of course, I suppose you can take md5's of the PKGBUILD file already ..., but am I the only one not doing it ...

greetz,

Michel


#2 2004-08-21 19:51:46

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622

Re: [suggestion] not using md5 anymore?

This could be a problem with most current hashes with "dense" data. It takes "dense" data to allow for any useful bit substitution to be meaningful, it seems.

For arch purposes, it might just be better to digitally sign everything. It would complicate the administration of updates considerably, but it would be quite a bit more secure on the downstream side of things.

Anyway, definitely something for the arch big wigs to think about... In the coming weeks, I foresee many other distro devs will be pondering on what to do about this issue too.

Who knows...maybe Rivest is hard at work on md6 already..


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍


#3 2004-08-22 17:40:01

Haakon
Member
From: Bergen, Norway
Registered: 2004-05-09
Posts: 109

Re: [suggestion] not using md5 anymore?

Please do not panic. MD5 is not "broken" at all. You suppose it may be "hard" to find an identical md5sum for a file. That's not even half of it. It's not "hard", it's extremely super duper hard. It will take you years and years. In fact, only one such collision has been found yet, and that took them long enough too. Crypto security is not about being "unbreakable", but about being so hard to break that in the time it takes you, the information you try to get at is already obsolete. This is still the case with MD5, and I suspect it will be for a long time.


#4 2004-08-22 18:17:42

i3839
Member
Registered: 2004-02-04
Posts: 1,185

Re: [suggestion] not using md5 anymore?

That was the old situation, this is something new, go read the site. Still no reason to panic though, just to make future plans. Quote from the site:

MD5's flaws that have been identified in the past few days mean that an attacker can generate one hash collision in a few hours on a standard PC. To write a specific back door and cloak it with the same hash collision may be much more time intensive.

Still, Hughes said that programmers should start moving away from MD5. "Right now the algorithm has been shown to be weak," he said. "Before useful (attacks) can be done, it's time to migrate away from it."

Another advantage of using asymmetric encryption instead of MD5 is that the database doesn't need to include a checksum of each package anymore, making the database smaller and pkgbuilds simpler. Instead the hash result can be distributed with the package, and thanks to the asymmetric nature of the encryption cipher used (e.g. RSA) that's safe (because the key to encrypt is different than the key to decrypt, so you can make one of those two keys public). It's also more practical to store the checksum with the package instead of separately.

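As an added illustration of the signed-hash scheme i3839 describes above (example code written for this page, not code from the thread or from pacman): the builder hashes the package, signs the digest with a private key, and ships only the signature with the package; clients hold the public key and recompute the digest locally. The package contents, the key and the tampering are constructed for the demo, and the hash is SHA-256 rather than the thread's MD5 or SHA-1.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// signPackage hashes the package bytes and signs the digest with the
// builder's private key. Only the signature needs to ship with the package;
// the package database no longer has to carry a per-package checksum.
func signPackage(priv *rsa.PrivateKey, pkg []byte) ([]byte, error) {
	digest := sha256.Sum256(pkg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verifyPackage recomputes the digest over the downloaded bytes and checks
// the shipped signature against the public key. A modified package, or a
// signature produced without the private key, fails here.
func verifyPackage(pub *rsa.PublicKey, pkg, sig []byte) bool {
	digest := sha256.Sum256(pkg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// demo signs a constructed package, then reports whether the genuine copy
// verifies and whether a copy altered after signing still verifies.
func demo() (genuineOK, tamperedOK bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // builder's key pair (constructed)
	if err != nil {
		return false, false, err
	}
	pkg := []byte("constructed package contents: foo-1.0-1.pkg.tar.gz")
	sig, err := signPackage(priv, pkg)
	if err != nil {
		return false, false, err
	}
	genuineOK = verifyPackage(&priv.PublicKey, pkg, sig)
	// Whoever alters the file cannot re-sign it without the private key,
	// so the unchanged signature no longer matches the new digest.
	tampered := bytes.Replace(pkg, []byte("foo"), []byte("bar"), 1)
	tamperedOK = verifyPackage(&priv.PublicKey, tampered, sig)
	return genuineOK, tamperedOK, nil
}

func main() {
	g, t, err := demo()
	fmt.Println("genuine verifies:", g, "tampered verifies:", t, "err:", err)
}
```

Contrast this with an unsigned checksum stored next to the package: whoever can rewrite the package can rewrite the checksum too, so a bare hash only detects accidental corruption.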

#5 2004-08-23 05:21:04

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622

Re: [suggestion] not using md5 anymore?

I will be interested to read Schneier's analysis when he completes it. He is supposedly looking into it.
Rivest et al. haven't even received full disclosure yet (or so I was told), so they will likely begin analyzing the situation shortly as well.


#6 2004-09-09 10:53:14

ganlu
Member
From: ChongQing, China
Registered: 2004-01-04
Posts: 360

Re: [suggestion] not using md5 anymore?

I heard that 4 Chinese (one of them female) 'cracked' MD5; if so, I am really proud of it.


#7 2004-09-09 11:05:36

ganlu
Member
From: ChongQing, China
Registered: 2004-01-04
Posts: 360

Re: [suggestion] not using md5 anymore?

Ha, ha, I am really proud of being a Chinese.
http://www.tcs.hut.fi/~mjos/md5/
They make it meaningless for www.md5crk.com to exist.
