Let's avoid using md5 as checksum
Ryan Schmidt
ryandesign at macports.org
Fri Feb 15 23:57:42 PST 2008
On Feb 16, 2008, at 01:49, William Allen Simpson wrote:
> On 2/15/08, Eric Hall wrote:
>
>> I believe there are attacks against MD5 that make it insufficient
>> to verify that the "right" distfile was downloaded.
>
> You believe incorrectly. All known attacks require that the generator
> of the tarball is compromised. That is, there are no preimage or
> second preimage attacks.
>
> As yet, nobody has successfully completed any of my MD4 or MD5
> challenges, announced on the cryptography and NIST hash lists....
>
>> Do you remember the PDF example from several years back?
>
> Yes. A parlor trick. Irrelevant to using MD5 as designed.
>
>> Are there other game-over equivalences involved (attacker is the
>> distfile author, or has compromised the distfile server so can (either way)
>> push out a shiny-new version with exploits baked in)? Yuppers.
>
> And that is the only relevant issue. Something that a hash cannot solve.
>
> As long as we ONLY use hashes generated by the distfile author,
> located on the distfile site, and NEVER generate our own, we'll be fine.
But we don't do that. At least, I'm constantly generating my own
checksums for my portfiles. The developers of most of my ports do not
provide checksums.
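
The packager-generated checksum workflow discussed in this message, as an added example that is not part of the original thread and is not MacPorts code: it pins a distfile's digests at packaging time, verifies a later download against them, and treats an MD5-only pin as insufficient. The `checksums type value` line layout, the function names and the sample bytes are assumptions constructed for this example.

```python
import hashlib
import io

SUPPORTED = ("md5", "sha256")   # digest types this example accepts
WEAK = {"md5"}                  # never sufficient as the only pinned type

def parse_checksums(text):
    """Parse 'checksums type hex [type hex ...]' with optional '\\' line continuations."""
    tokens = text.replace("\\\n", " ").split()
    if tokens and tokens[0] == "checksums":
        tokens = tokens[1:]
    if len(tokens) % 2:
        raise ValueError("checksum type without a value")
    pinned = {}
    for kind, value in zip(tokens[::2], tokens[1::2]):
        if kind not in SUPPORTED:
            raise ValueError(f"unsupported checksum type: {kind}")
        pinned[kind] = value.lower()
    return pinned

def digest_stream(stream, kinds, chunk=65536):
    """Read the stream once and compute every requested digest."""
    hashers = {kind: hashlib.new(kind) for kind in kinds}
    while block := stream.read(chunk):
        for h in hashers.values():
            h.update(block)
    return {kind: h.hexdigest() for kind, h in hashers.items()}

def pin(data, kinds=SUPPORTED):
    """Packager side: emit a checksums line for a freshly fetched distfile."""
    sums = digest_stream(io.BytesIO(data), kinds)
    return "checksums " + " \\\n    ".join(f"{k} {v}" for k, v in sums.items())

def verify_distfile(stream, pinned):
    """User side: return (ok, problems) for a download checked against the pins."""
    problems = []
    if not set(pinned) - WEAK:
        problems.append("only weak checksum types pinned")
    actual = digest_stream(stream, pinned)
    problems += [f"{k} mismatch" for k, want in pinned.items() if actual[k] != want]
    return (not problems, problems)

# Constructed sample bytes standing in for a downloaded tarball.
DISTFILE = b"constructed sample tarball contents\n"

if __name__ == "__main__":
    pins = parse_checksums(pin(DISTFILE))
    print(verify_distfile(io.BytesIO(DISTFILE), pins))
    print(verify_distfile(io.BytesIO(DISTFILE + b"tampered"), pins))
```

A pin generated this way only detects a change after the packager's own fetch; it says nothing about whether that first download was what the author released.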