Let's avoid using md5 as checksum
Eric Hall
opendarwin.org at darkart.com
Fri Feb 15 20:01:41 PST 2008
On Fri, Feb 15, 2008 at 08:48:41PM -0700, Boyd Waters wrote:
>
[snip]
>
> MD5 is sufficient for verifying a successful download of a source
> tarball.

I believe there are attacks against MD5 that make it insufficient
to verify that the "right" distfile was downloaded.

>
> MD5 may not be sufficient to prevent evil hackers from adding
> malicious elements to the source code, but in practice this is not
> going to happen: the attacker must transform the code into something
> that still compiles, performs their nefarious deeds, and has a given
> MD5 hash. I'd love to see a demonstration of that!

Do you remember the PDF example from several years back?
IIRC, the attack was based on a PDF containing one of two blobs that
MD5 to the same value. By testing for which one is present, a different
representation of the PDF is displayed. This sort of attack is very
easy to imagine in a big blob of code. Is it likely? Probably not.
Are there other game-over equivalences involved (attacker is the distfile
author, or has compromised the distfile server so can (either way)
push out a shiny-new version with exploits baked in)? Yuppers.

>
> That said, I use rmd160 and sha1 for my ports, so who's being paranoid
> here? :-)
>

All of us. :)
-eric
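
An added example, not part of the original message and not MacPorts code: a distfile check that hashes the file once with every declared algorithm, requires all of them to match, and refuses a declaration that lists only MD5. The function names, the `COLLISION_PRONE` policy set and the use of sha256 are assumptions of this sketch; rmd160 is left out because Python's `hashlib` support for it depends on the OpenSSL build.

```python
import hashlib
import os
import tempfile

# Assumption for this example: MD5 alone is never accepted as proof of integrity.
COLLISION_PRONE = {"md5"}

def digest_all(path, algorithms, chunk_size=65536):
    """Hash the file once, feeding each chunk to every requested algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def verify_distfile(path, expected):
    """Return a list of problems; an empty list means the distfile is accepted."""
    problems = []
    # A colliding pair of files passes any MD5-only check, so demand more.
    if not set(expected) - COLLISION_PRONE:
        problems.append("no collision-resistant checksum declared")
    actual = digest_all(path, expected)
    for name, want in expected.items():
        if actual[name] != want.lower():
            problems.append(f"{name} mismatch")
    return problems

def demo():
    """Constructed sample: a tiny stand-in 'distfile' written to a temp file."""
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(b"constructed sample distfile contents\n")
        path = fh.name
    try:
        good = digest_all(path, ["md5", "sha1", "sha256"])
        md5_only = verify_distfile(path, {"md5": good["md5"]})
        all_three = verify_distfile(path, good)
        tampered = verify_distfile(path, {**good, "sha256": "0" * 64})
        return md5_only, all_three, tampered
    finally:
        os.unlink(path)

if __name__ == "__main__":
    print(demo())
```

As the message notes, no checksum helps when the distfile author or the server publishing the checksums is the attacker; this check only covers substitution of the file after the checksums were recorded.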