Open Source and information security mailing list archives
 
Date: Sat, 1 Dec 2007 21:59:30 -0800
From: coderman <coderman@...il.com>
To: Valdis.Kletnieks@...edu
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Signature or checksum? (was: MD5 considered harmful)

On Dec 1, 2007 7:08 PM,  <Valdis.Kletnieks@...edu> wrote:
> ...
> (Note that strictly speaking, what you *really* want is a PGP-signed or
> otherwise authenticated MD5/SHA-256 hash.  Otherwise, if I'm an attacker,
> I can just splat a new binary up, and a new MD5SUMS file that lists the
> MD5 sum for the backdoored binaries.  If anything, more people manage to
> screw *this* part up than the much lesser offense of still using MD5 rather
> than something from the SHA-2 family)....

this has come up recently in situations like the hushmail trojan'd applets
and so forth.  consider a court order that compels you to sign a given
backdoor'd product in use by a targeted individual.

in this case, the use of signatures provides less security than comparing
public checksums.  (because you'd notice that your particular download
has a different sum, while comparing signatures you'd assume it was
legitimate.)

ideally everyone would compare both a signature (a trusted source
provided it) as well as a public checksum (let's assume you can do so
out of band securely using archives or other channel not actively
controlled by an attacker).

i know that signatures include a checksum, but this is hidden by the
verification process.  the human really needs to be in the loop for both.

best regards,

p.s.  for the tin foil hat crowd, those digital sigs are looking
weaker every year compared to cryptographic hash functions and block
ciphers:

http://dwave.wordpress.com/2007/11/26/slides-from-sc07-progress-in-quantum-computing-panel/

not to mention GNFS improvements the last few years...

(ok, i admit, i love an excuse to reference Mr. T)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
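
Added example, not part of the original message: a sketch of the "compare both" check discussed in the thread, where a download is accepted only if its signature verified and its SHA-256 matches checksums obtained from independent channels. The `signature_ok` flag (assumed to be the result of a separate `gpg --verify` run), the channel names, the quorum of 2 and the sample bytes are all constructed for illustration.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def audit_download(data: bytes, signature_ok: bool, published: dict, quorum: int = 2) -> dict:
    """Cross-check a download against a signature result and public checksums.

    published maps a channel name to the hex digest that channel lists.
    Channels should be ones an attacker serving the file does not control.
    """
    digest = sha256_hex(data)
    agree = sorted(ch for ch, d in published.items() if d.strip().lower() == digest)
    disagree = sorted(set(published) - set(agree))
    if not signature_ok:
        verdict = "reject: signature invalid"
    elif disagree:
        # The case from the thread: the signer's key vouches for the file,
        # yet it is not the file everyone else received.
        verdict = "reject: validly signed, but digest differs from public record"
    elif len(agree) >= quorum:
        verdict = "accept"
    else:
        verdict = "hold: not enough independent checksums"
    return {"sha256": digest, "agree": agree, "disagree": disagree, "verdict": verdict}

# Constructed sample data: the build everyone gets, and a per-target variant.
RELEASE = b"constructed release tarball bytes"
TARGETED = RELEASE + b" + constructed per-target modification"
PUBLISHED = {
    "list archive": sha256_hex(RELEASE),
    "third-party mirror": sha256_hex(RELEASE),
    "colleague's copy": sha256_hex(RELEASE).upper(),  # case differences are tolerated
}

if __name__ == "__main__":
    cases = [
        ("normal release", RELEASE, True),
        ("signed targeted build", TARGETED, True),
        ("unsigned tampering", TARGETED, False),
    ]
    for label, blob, sig_ok in cases:
        result = audit_download(blob, sig_ok, PUBLISHED)
        print(f"{label}: {result['verdict']} ({result['sha256'][:16]}...)")
```
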
