Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
On 12/10/12 12:10, David Kalnischkies wrote:
> I wonder if it is really a good idea to search for a security checksum
> based on the metric that it can be quickly calculated … but off-topic.
It depends what you're using it for: security is not magic pixie dust. A
hashing algorithm that is faster and equally collision-resistant is
better for integrity-checking (faster and no less secure), but worse for
password hashing (an attacker can try potential passwords faster).
>> Anyway... I guess it was clear, that I rather meant secure APT... dsc
>> files, Release.gpg, etc. pp.
>
> APT will usually negotiate the checksum to use based on what it supports
> and what is included in the Release file.
Another relevant hashing algorithm is the one that GnuPG (as used by the
ftpmasters) uses to generate the signature for InRelease and
Release.gpg. For wheezy-as-testing, InRelease appears to be signed with
(RSA +) SHA1, which is the GnuPG default. In principle the ftpmasters
could configure gpg to sign with SHA256 (or even SHA512) in future,
assuming stable's gnupg (and preferably also oldstable's gnupg) can
verify such signatures.
squeeze's gnupg does seem to support the SHA-2 set of hashes (SHA224 up
to SHA512).
> Oh, and there is "Description-md5". I can't imagine a scenario in which it
> would be useful to change the English description of a package for an attack
This doesn't seem to matter, even if the descriptions were
security-sensitive. The signed file (In)Release(.gpg) contains MD5,
SHA1, SHA256 hashes of both Packages and Translation-*, so you can be
sure that nobody has modified Packages or Translation-* since they left
dak; and anyone who could cause dak to incorporate maliciously-colliding
descriptions (a DD or DM with upload privileges) could do more damage by
uploading a malicious .deb instead.
S
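Added example (not from any poster in this thread and not APT's own code): a Python illustration of the check discussed above, parsing the MD5Sum/SHA1/SHA256 sections of a Release file and verifying an index file against the strongest hash listed, so that a truncated Release carrying only MD5 is rejected. The SHA256-only acceptance policy, the function names and the sample data are assumptions of this example, and it presumes the Release file's signature has already been verified with gpg.

```python
import hashlib

# Checksum fields of a Release file, strongest first.
HASHERS = {"SHA256": hashlib.sha256, "SHA1": hashlib.sha1, "MD5Sum": hashlib.md5}
# Assumed policy for this example: only SHA256 is accepted on its own.
TRUSTED = {"SHA256"}

def parse_release(text):
    """Return {field: {path: (hexdigest, size)}} for each checksum section."""
    sections, current = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and current:
            parts = line.split(None, 2)  # "<digest> <size> <path>"
            if len(parts) == 3 and parts[1].isdigit():
                sections[current][parts[2]] = (parts[0].lower(), int(parts[1]))
        else:
            name = line.split(":", 1)[0]
            current = name if name in HASHERS else None
            if current:
                sections[current] = {}
    return sections

def verify_index(sections, path, data):
    """Check data against the strongest hash listed for path, or raise."""
    for algo, hasher in HASHERS.items():
        entry = sections.get(algo, {}).get(path)
        if entry is None:
            continue
        if algo not in TRUSTED:
            raise ValueError(f"{path}: only {algo} listed; Release truncated or too old")
        digest, size = entry
        if len(data) != size or hasher(data).hexdigest() != digest:
            raise ValueError(f"{path}: size or {algo} mismatch")
        return algo
    raise ValueError(f"{path}: not listed in Release")

def build_release(data, path):
    """Construct a small sample Release (constructed data, not a real archive)."""
    lines = ["Suite: unstable", "Components: main contrib non-free"]
    for field in ("MD5Sum", "SHA1", "SHA256"):
        lines += [f"{field}:", f" {HASHERS[field](data).hexdigest()} {len(data):>8} {path}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    path, data = "main/binary-amd64/Packages", b"Package: hello\nVersion: 2.8-2\n\n"
    release = build_release(data, path)
    print(verify_index(parse_release(release), path, data))
    cut = release[:release.index("SHA1:")]  # simulate the truncated download
    try:
        verify_index(parse_release(cut), path, data)
    except ValueError as err:
        print("rejected:", err)
```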
10-12-2012, 11:49 AM
Christoph Anton Mitterer
Hi Paul.
On Fri, 2012-10-12 at 10:09 +0800, Paul Wise wrote:
> > I further looked around:
> > e.g. the Release file seems to only use MD5.... not so good
> Wrong, the Release file has had all 3 since sarge. woody had MD5 & SHA-1.
Then what's this:
ftp://ftp.de.debian.org/debian/dists/sid/Release
Cheers,
Chris.
10-12-2012, 11:56 AM
Christoph Anton Mitterer
On Fri, 2012-10-12 at 09:17 +0200, Bernhard R. Link wrote:
> There is a disadvantage of having longer hashsums, thus making it harder
> for people to compare. The only reason that for those md5 is optimal and
> not crc32 is that there is only one md5 and there is a nice always
> available tool to compute it, so people can compare it more easy.
Do you think it often happens that people compare this manually? I
doubt... even for MD5,... cause whenever it goes above a few files, it
gets a pain with MD5, too.
And the tools for the newer algos (well at least SHA2) are also quite
widespread now.
> Everything doing something like that can also create those sha2 sums on
> their own and use them. Using the debsums system (which has no security
> part at all) will only weaken security.
Well one argument would be, that these hashes are already created and
"automatically" maintained...
> So I think what you say is an
> argument for keeping md5sum, so that no one thinks they can use that
> information for security.
Whether that works?! ;-)
10-12-2012, 11:59 AM
Christoph Anton Mitterer
On Fri, 2012-10-12 at 13:49 +0200, Christoph Anton Mitterer wrote:
> Then what's this:
> ftp://ftp.de.debian.org/debian/dists/sid/Release
Ah... my bad... the file is simply truncated at some point... but I
guess this must be a local error.
On Fri, 2012-10-12 at 08:26 +0100, Adam D. Barratt wrote:
> You didn't look very far / well.
> Please check more carefully before making such assertions.
Yep... sorry for making stupid noise... should have noticed it already,
when the file was only the first 30 lines or so (as it appears here).
Chris.
10-12-2012, 12:03 PM
"Adam D. Barratt"
On 12.10.2012 12:49, Christoph Anton Mitterer wrote:
> On Fri, 2012-10-12 at 10:09 +0800, Paul Wise wrote:
> > > I further looked around:
> > > e.g. the Release file seems to only use MD5.... not so good
> > Wrong, the Release file has had all 3 since sarge. woody had MD5 &
> > SHA-1.
> Then what's this:
> ftp://ftp.de.debian.org/debian/dists/sid/Release
It's a file containing MD5, SHA1 and SHA256 sums, as has already been
explained to you.
| Components: main contrib non-free
| Description: Debian x.y Unstable - Not Released
| MD5Sum:
| SHA1:
| SHA256:
I'm struggling to see what point you believe you're making here.
Regards,
Adam
10-12-2012, 12:35 PM
Dmitrijs Ledkovs
On 12 October 2012 13:03, Adam D. Barratt <adam@adam-barratt.org.uk> wrote:
> I'm struggling to see what point you believe you're making here.
>
The point he was trying to make is that he either caught a mirror during
update, or his connection was flaky, as he didn't fetch the complete
file, nor verify its gpg signature.
Regards,
Dmitrijs.
10-12-2012, 12:48 PM
Paul Wise
On Fri, Oct 12, 2012 at 7:49 PM, Christoph Anton Mitterer
<calestyo@scientia.net> wrote:
> Then what's this:
> ftp://ftp.de.debian.org/debian/dists/sid/Release
Sounds like you have a person in the middle hacking your network (or a
browser bug), it works for me:
pabs@chianamo ~ $ GET ftp://ftp.de.debian.org/debian/dists/sid/Release | grep ^SHA
SHA1:
SHA256:
--
bye,
pabs
http://wiki.debian.org/PaulWise
10-12-2012, 03:05 PM
"Wesley J. Landaker"
On Friday, October 12, 2012 05:10:12 David Kalnischkies wrote:
> On Thu, Oct 11, 2012 at 7:38 PM, Christoph Anton Mitterer
> <calestyo@scientia.net> wrote:
> > algo,... not to mention that newer algos like Keccak are quite fast.
>
> I wonder if it is really a good idea to search for a security checksum
> based on the metric that it can be quickly calculated … but off-topic.
FWIW, NIST disagrees. Keccak is SHA-3:
<http://csrc.nist.gov/groups/ST/hash/sha-3/winner_sha-3.html>
10-12-2012, 07:49 PM
Philipp Kern
On Fri, Oct 12, 2012 at 09:05:01AM -0600, Wesley J. Landaker wrote:
> On Friday, October 12, 2012 05:10:12 David Kalnischkies wrote:
> > On Thu, Oct 11, 2012 at 7:38 PM, Christoph Anton Mitterer
> > <calestyo@scientia.net> wrote:
> > > algo,... not to mention that newer algos like Keccak are quite fast.
> > I wonder if it is really a good idea to search for a security checksum
> > based on the metric that it can be quickly calculated … but off-topic.
> FWIW, NIST disagrees. Keccak is SHA-3:
> <http://csrc.nist.gov/groups/ST/hash/sha-3/winner_sha-3.html>
And conspiracy theories are lingering why that is…
Kind regards
Philipp Kern
10-12-2012, 07:59 PM
Christoph Anton Mitterer
Hey Paul.
On Fri, 2012-10-12 at 20:48 +0800, Paul Wise wrote:
> Sounds like you have a person in the middle hacking your network (or a
> browser bug), it works for me:
*g* guess I somehow deserved that ... and not even SHA-3 would have
protected me from not verifying against Release.asc ^^