Gentoo Archives: gentoo-security

From: shoehn@××××××××××××××××××××.info
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Built in integrity?
Date: Tue, 10 Feb 2004 09:28:36
Message-Id: 20040210082957.GA14817@p15138739.pureserver.info
On Tue, 10 Feb 2004 09:09:01 +0000
James Harlow <james@××××××××××××××.nu> wrote:

> On Tue, Feb 10, 2004 at 09:00:03AM +0100, shoehn@××××××××××××××××××××.info wrote:
> > I don't consider all these checks very useful. How can I be sure the
> > files emerge downloaded are really the correct ones? I guess if
> > someone would try to fool me with the help of the portage system he
> > would change the version of portage with a "bad" one, that would
> > obtain the "bad" files from an evil server, but with correct
> > MD5 sums. So no one would realize that unless the tampered copy of
> > portage is detected.
>
> This is computationally infeasible - even the worst break on the MD5
> algorithm only brings it down to an effective complexity of 2^80 or so.
> That means an average of 2^40 files must be created and hashed before
> a correctly-hashing file is made - that's about 10^12 files. Even if
> someone can hash 100 files a second, that's around a year.

That's not what I meant. If portage uses an evil server, both the files and the MD5 values are tampered with; the
problem is that the user considers the wrong MD5 value as correct. I do not generate a file that has the
"official" MD5 value, I give the user a wrong MD5 value, by establishing a bad mirror.

-
Sebastian

--
gentoo-security@g.o mailing list
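
An added example, not part of the original message and not Portage's code: it illustrates the point of the reply above, that a digest supplied by the same mirror as the file always matches, by comparing a checksum-only check with one that first authenticates the manifest against a key obtained out of band. The mirror data, file name and key are constructed, SHA-256 is used for the digests, and an HMAC stands in (as an assumption) for the public-key signature a distribution would use.

```python
import hashlib
import hmac

# Assumption: an HMAC key stands in for the distribution's signing key. Real
# systems use public-key signatures so that clients hold no secret.
PINNED_KEY = b"constructed-demo-key-obtained-out-of-band"
NAME = "portage-demo.tar.bz2"  # constructed file name


def publish(files, key):
    """What a mirror serves: files, a digest manifest, and a tag over the manifest."""
    lines = [f"{hashlib.sha256(d).hexdigest()}  {n}" for n, d in sorted(files.items())]
    manifest = "\n".join(lines).encode()
    tag = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    return {"files": files, "manifest": manifest, "tag": tag}


def digest_matches(mirror, name):
    """Checksum-only check: file versus the digest the same mirror supplied."""
    listed = {}
    for line in mirror["manifest"].decode().splitlines():
        digest, _, fname = line.partition("  ")
        listed[fname] = digest
    actual = hashlib.sha256(mirror["files"][name]).hexdigest()
    return hmac.compare_digest(actual, listed.get(name, ""))


def verify(mirror, name, key=PINNED_KEY):
    """Authenticate the manifest against the pinned key, then check the digest."""
    expected = hmac.new(key, mirror["manifest"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mirror["tag"]):
        return False  # manifest did not come from the key holder
    return digest_matches(mirror, name)


# Constructed mirrors: the bad one recomputes manifest and tag with its own key.
HONEST = publish({NAME: b"genuine release"}, PINNED_KEY)
BAD = publish({NAME: b"tampered release"}, b"key-the-mirror-made-up")

if __name__ == "__main__":
    for label, mirror in (("honest", HONEST), ("bad", BAD)):
        print(label, "checksum-only:", digest_matches(mirror, NAME),
              "authenticated:", verify(mirror, NAME))
```

The checksum-only check accepts both mirrors; only the check anchored to the pinned key rejects the bad one, including when the bad mirror replays the honest mirror's tag over its own manifest.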

Replies

Subject Author
Re: [gentoo-security] Built in integrity? James Harlow <james@××××××××××××××.nu>