Let's avoid using md5 as checksum

William Allen Simpson wsimpson at macports.org
Fri Feb 15 23:49:27 PST 2008


On 2/15/08, Eric Hall <opendarwin.org at darkart.com> wrote:
> 	I believe there are attacks against MD5 that make it insufficient
> to verify that the "right" distfile was downloaded.
>
You believe incorrectly.  All known attacks require that the generator
of the tarball is compromised.  That is, there are no preimage or second
preimage attacks.

As yet, nobody has successfully completed any of my MD4 or MD5
challenges, announced on the cryptography and NIST hash lists....

> 	Do you remember the PDF example from several years back?

Yes.  A parlor trick.  Irrelevant to using MD5 as designed.


> Are there other game-over equivalences involved (attacker is the distfile
> author, or has compromised the distfile server so can (either way)
> push out a shiny-new version with exploits baked in)?  Yuppers.
>
And that is the only relevant issue.  Something that a hash cannot solve.

As long as we ONLY use hashes generated by the distfile author, located
on the distfile site, and NEVER generate our own, we'll be fine.
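The verification discipline argued for above, as an added example (not code from the post or from MacPorts): check a downloaded distfile against every digest the author published, so that a collision under one algorithm is not enough on its own. The "algo hex algo hex" spec format mirrors a Portfile checksums line but the parser is constructed for this example; the sample bytes are constructed too.

```python
import hashlib

# Digests this verifier accepts. Assumption: the same names a Portfile
# checksums line uses for these algorithms (md5, sha1, sha256).
SUPPORTED = {"md5": hashlib.md5, "sha1": hashlib.sha1, "sha256": hashlib.sha256}


def digest_hex(algo, data):
    """Hex digest of data under one of the supported algorithms."""
    return SUPPORTED[algo](data).hexdigest()


def parse_checksums(spec):
    """Parse 'md5 <hex> sha256 <hex> ...' (constructed, Portfile-style) into
    {algo: hex}. Raises ValueError on unpaired tokens or unknown algorithms."""
    tokens = spec.split()
    if len(tokens) % 2 != 0:
        raise ValueError("checksum spec must be algorithm/digest pairs")
    expected = {}
    for algo, hexdigest in zip(tokens[0::2], tokens[1::2]):
        algo = algo.lower()
        if algo not in SUPPORTED:
            raise ValueError("unsupported checksum algorithm: %s" % algo)
        expected[algo] = hexdigest.lower()
    return expected


def verify_distfile(data, spec):
    """True only if data matches EVERY digest the author published.
    Requiring all of them means an attacker who can force a collision in one
    algorithm still needs a single file that collides under all of them.
    An empty spec verifies nothing and is rejected outright."""
    expected = parse_checksums(spec)
    if not expected:
        raise ValueError("no checksums to verify against")
    return all(digest_hex(algo, hexd_algo_data) == hexd
               for algo, hexd in expected.items()
               for hexd_algo_data in (data,))


if __name__ == "__main__":
    # Constructed sample standing in for a downloaded tarball. In real use the
    # spec is copied from the author's site, never computed from the download.
    distfile = b"constructed distfile contents\n"
    published = "md5 %s sha256 %s" % (digest_hex("md5", distfile),
                                      digest_hex("sha256", distfile))
    print(verify_distfile(distfile, published))         # True
    print(verify_distfile(distfile + b"x", published))  # False: tampered file
```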
