FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 10-12-2012, 08:31 PM
Christoph Anton Mitterer
 
Default Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Fri, 2012-10-12 at 13:10 +0200, David Kalnischkies wrote:
> Oh, and there is "Description-md5". I can't imagine a scenario in which it
> would be useful to change the English description of a package for an attack
> (which you want to hide by displaying the translations of the not modified
> version)

I cannot think of any either, well at lest not of anything, for which a
plain collision would be enough,...

But it's a general security paradigm, that one shouldn't just focus on
the attack vectors one can think of... but rather trying to secure
"everything"


Cheers,
Chris.
 
Old 10-12-2012, 08:37 PM
Michael Gilbert
 
Default Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Fri, Oct 12, 2012 at 4:31 PM, Christoph Anton Mitterer wrote:
> But it's a general security paradigm, that one shouldn't just focus on
> the attack vectors one can think of... but rather trying to secure
> "everything"

Which is impossible, or at least man-powerwise insurmountable. There
are something like 500 million lines of code in a Debian release.
Obviously not all code bits have security implications, but the right
flaw in any one link in that chain could lead to security problems.
If we were rigorous, that would 500,000 lines of code to review per
DD. An impossible and error-prone task.

It's more about identifying mistakes, learning from them, attempting
to track *everything*, and correcting known problems quickly.

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/CANTw=MP9wqmuuey4-erR4JNNRZn1NnpKPSCbz5nT1ca4DrunLA@mail.gmail.com
 
Old 10-12-2012, 08:45 PM
Christoph Anton Mitterer
 
Default Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Fri, 2012-10-12 at 16:37 -0400, Michael Gilbert wrote:
> Which is impossible, or at least man-powerwise insurmountable. There
> are something like 500 million lines of code in a Debian release.
I wasn't talking about such an impossible task,... but there speaks
nothing against relatively easy things,... like securing all of our
package repository infrastructure by strong algos (as we already did)...
and trying to prevent higher level attacks, like downgrade attacks.


Cheers,
Chris.
 
Old 10-12-2012, 08:52 PM
Michael Gilbert
 
Default Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Fri, Oct 12, 2012 at 4:45 PM, Christoph Anton Mitterer wrote:
> On Fri, 2012-10-12 at 16:37 -0400, Michael Gilbert wrote:
>> Which is impossible, or at least man-powerwise insurmountable. There
>> are something like 500 million lines of code in a Debian release.
> I wasn't talking about such an impossible task,... but there speaks
> nothing against relatively easy things,... like securing all of our
> package repository infrastructure by strong algos (as we already did)...
> and trying to prevent higher level attacks, like downgrade attacks.

Do you have evidence of any of those things? If so, please submit
bugs, and we will look at fixing them. Otherwise, speculation gets us
nowhere and actually wastes time.

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/CANTw=MNPfrP=N+92tHmy7tSqp8WQrKpEXyNghif0NHs0zPmLH Q@mail.gmail.com
 
Old 10-13-2012, 08:56 AM
Wouter Verhelst
 
Default Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Fri, Oct 12, 2012 at 09:17:32AM +0200, Bernhard R. Link wrote:
> part at all) will only weaken security. So I think what you say is an
> argument for keeping md5sum, so that noone think they can use that
> information for security.

This argument is based on the incorrect assumption that everyone in the
world knows md5 is broken.

(Heck, I'm sure I can find people who don't know that parity checks are
not a security measure, yet who think they know about security, if I
search good enough)

--
Copyshops should do vouchers. So that next time some bureaucracy requires you
to mail a form in triplicate, you can mail it just once, add a voucher, and
save on postage.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20121013085625.GF4766@grep.be">http://lists.debian.org/20121013085625.GF4766@grep.be
 
Old 10-14-2012, 11:14 AM
"Bernhard R. Link"
 
Default Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

* Wouter Verhelst <wouter@debian.org> [121013 10:56]:
> On Fri, Oct 12, 2012 at 09:17:32AM +0200, Bernhard R. Link wrote:
> > part at all) will only weaken security. So I think what you say is an
> > argument for keeping md5sum, so that noone think they can use that
> > information for security.
>
> This argument is based on the incorrect assumption that everyone in the
> world knows md5 is broken.

No it is based on the assumption that in that set of people that care
about security at all but have little enough knowledge of security
to mix up protection against faulty hardware with protection against
attackers there is at least one user having heared the meme
"md5 considered broken" and might combine those half-knowledges to
the correct result that debsums is not about security against attackers.

Causing at least one user to not think they could use debsums as protection
against wilfull file modification by sticking with md5 is (given there are
no benefits from switching hashes at all) a very strong argument that
switching hashes for debsums to stick to the hashes it uses.

Bernhard R. Link


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20121014111405.GA15103@client.brlink.eu">http://lists.debian.org/20121014111405.GA15103@client.brlink.eu
 
Old 10-14-2012, 11:25 AM
Andrey Rahmatullin
 
Default Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Sun, Oct 14, 2012 at 01:14:19PM +0200, Bernhard R. Link wrote:
> > > part at all) will only weaken security. So I think what you say is an
> > > argument for keeping md5sum, so that noone think they can use that
> > > information for security.
> >
> > This argument is based on the incorrect assumption that everyone in the
> > world knows md5 is broken.
>
> No it is based on the assumption that in that set of people that care
> about security at all but have little enough knowledge of security
> to mix up protection against faulty hardware with protection against
> attackers there is at least one user having heared the meme
> "md5 considered broken" and might combine those half-knowledges to
> the correct result that debsums is not about security against attackers.
>
> Causing at least one user to not think they could use debsums as protection
> against wilfull file modification by sticking with md5 is (given there are
> no benefits from switching hashes at all) a very strong argument that
> switching hashes for debsums to stick to the hashes it uses.
For the reference: the manpage says:

"""
debsums is intended primarily as a way of determining what installed files
have been locally modified by the administrator or damaged by media errors
and is of limited use as a security tool.

If you are looking for an integrity checker that can run from safe media,
do integrity checks on checksum databases and can be easily configured to
run periodically to warn the admin of changes see other tools such as:
aide, integrit, samhain, or tripwire.
"""

--
WBR, wRAR
 
Old 10-15-2012, 12:58 AM
Christoph Anton Mitterer
 
Default Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Sun, 2012-10-14 at 17:25 +0600, Andrey Rahmatullin wrote:
> """
> debsums is intended primarily as a way of determining what installed files
> have been locally modified by the administrator or damaged by media errors
> and is of limited use as a security tool.
>
> If you are looking for an integrity checker that can run from safe media,
> do integrity checks on checksum databases and can be easily configured to
> run periodically to warn the admin of changes see other tools such as:
> aide, integrit, samhain, or tripwire.
> """

I never claimed (and already explicitly said that before) that it was
intended to be used for that,... or that I would do or recommend so...
just that people might and that it already happens more or less
(rkhunter has a mode of doing so, IIRC).


Chris.
 
Old 10-15-2012, 01:08 AM
Christoph Anton Mitterer
 
Default Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Fri, 2012-10-12 at 16:52 -0400, Michael Gilbert wrote:
> On Fri, Oct 12, 2012 at 4:45 PM, Christoph Anton Mitterer wrote:
> > I wasn't talking about such an impossible task,... but there speaks
> > nothing against relatively easy things,... like securing all of our
> > package repository infrastructure by strong algos (as we already did)...
> > and trying to prevent higher level attacks, like downgrade attacks.

> Do you have evidence of any of those things?
Well as I said previously, in security one should usually not try to
only take measures against things one can identify as a problem right
now. Especially if there's no considerable disadvantage, then I see no
good reason for not using the strongest (in this specific example) hash
algorithms available.

Now the argument some people threw in, that debsums should stay at MD5
to already hint that it shouldn't be used for intrusion detection:
- It's much better than to clearly document that this shouldn't be used
in that way (which is already done)... and then use a algo that provides
a good trade off between speed and hash quality (MD5 might be just
that...).
- I still think that one may build up a system using debsums that is
equally secure than what AIDE and friends do. At least I see no reason
speaking against.


> If so, please submit
> bugs, and we will look at fixing them. Otherwise, speculation gets us
> nowhere and actually wastes time.
Well I had once a discussion (around March this year) here about
blockin/downgrade attacks... which, AFAICS, both are possible in secure
APT right now.... but there was no real outcome.
Unforunately it seems that people do not take these higher-level attacks
really serious.... even though the danger they impose is quite high.


Cheers,
Chris.
 
Old 10-15-2012, 07:15 AM
Andrey Rahmatullin
 
Default Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Mon, Oct 15, 2012 at 02:58:15AM +0200, Christoph Anton Mitterer wrote:
> > """
> > debsums is intended primarily as a way of determining what installed files
> > have been locally modified by the administrator or damaged by media errors
> > and is of limited use as a security tool.
> >
> > If you are looking for an integrity checker that can run from safe media,
> > do integrity checks on checksum databases and can be easily configured to
> > run periodically to warn the admin of changes see other tools such as:
> > aide, integrit, samhain, or tripwire.
> > """
> I never claimed (and already explicitly said that before) that it was
> intended to be used for that,... or that I would do or recommend so...
I never said you did.

--
WBR, wRAR
 

Thread Tools




All times are GMT. The time now is 07:28 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org