Full Disclosure mailing list archives
Re: Signature or checksum? (was: MD5 considered harmful)
From: coderman <coderman () gmail com>
Date: Sat, 1 Dec 2007 21:59:30 -0800
On Dec 1, 2007 7:08 PM, <Valdis.Kletnieks () vt edu> wrote:
... (Note that strictly speaking, what you *really* want is a PGP-signed or otherwise authenticated MD5/SHA-256 hash. Otherwise, if I'm an attacker, I can just splat a new binary up, and a new MD5SUMS file that lists the MD5 sum for the backdoored binaries. If anything, more people manage to screw *this* part up than the much lesser offense of still using MD5 rather than something from the SHA-2 family)....
this has come up recently in situations like the hushmail trojan'd applets and so forth. consider a court order that compels you to sign a given backdoor'd product in use by a targeted individual. in this case, the use of signatures provides less security than comparing public checksums. (because you'd notice that your particular download has a different sum, while comparing signatures you'd assume it was legitimate.) ideally everyone would compare both a signature (a trusted source provided it) as well as a public checksum (let's assume you can do so out of band securely using archives or other channel not actively controlled by an attacker). i know that signatures include a checksum, but this is hidden by the verification process. the human really needs to be in the loop for both. best regards, p.s. for the tin foil hat crowd, those digital sigs are looking weaker every year compared to cryptographic hash functions and block ciphers: http://dwave.wordpress.com/2007/11/26/slides-from-sc07-progress-in-quantum-computing-panel/ not to mention GNFS improvements the last few years... (ok, i admit, i love an excuse to reference Mr. T) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Signature or checksum? (was: MD5 considered harmful) coderman (Dec 01)