On Sun, 08 Mar 2015 20:44:30 +0100, Achim Gratz <strom...@nexgo.de> wrote:
> Setup.ini also records the file size, so a successful attack would need
> to pack a malicious payload into a valid archive of the same size and the
> same MD5 checksum. I think that is a much taller order than simply
> creating a hash collision.

That is harder, but I wouldn't trust it. In 2004 it was shown that MD5 is not collision resistant, and the attacks just keep getting worse. A quick check at the Wikipedia page about MD5 shows the sorry state of MD5. The Software Engineering Institute (SEI) puts it pretty baldly: MD5 "should be considered cryptographically broken and unsuitable for further use".

You want to use known-strong crypto, not known-busted crypto. Besides, there are easily-available, much-stronger alternatives, in particular SHA-2 (SHA-512 is part of SHA-2). It's already supported in the current Cygwin installer.

I recommend that Cygwin switch to SHA-512 soon. It'll require that everyone update their installer to do future updates, but the installer download has been secured. Then Cygwin can include in their FAQ a reasonable justification that its download and update process is secure.

--- David A. Wheeler
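
Added example, not part of the original message and not Cygwin's installer code: a client-side check of a downloaded archive against the size and SHA-512 recorded for it, refusing entries that only carry an MD5-length digest. The `install: <path> <size> <hexdigest>` line layout, the package path and the sample bytes are assumptions constructed for illustration.

```python
import hashlib

# Hex digest length -> hashlib algorithm. An MD5 digest is 32 hex characters
# and is deliberately absent, so MD5-only entries are refused.
ACCEPTED = {128: "sha512"}


def parse_install_line(line):
    """Parse 'install: <path> <size> <hexdigest>' (assumed layout)."""
    key, _, rest = line.partition(":")
    fields = rest.split()
    if key.strip() != "install" or len(fields) != 3:
        raise ValueError("not an install line: %r" % line)
    path, size, digest = fields
    return path, int(size), digest.lower()


def verify_package(data, line):
    """Check archive bytes against one install line; return (ok, reason)."""
    _path, size, digest = parse_install_line(line)
    algo = ACCEPTED.get(len(digest))
    if algo is None:
        return False, "digest is not SHA-512 (%d hex chars)" % len(digest)
    if len(data) != size:
        # Cheap early rejection only; the digest is the integrity check.
        return False, "size mismatch"
    if hashlib.new(algo, data).hexdigest() != digest:
        return False, "sha512 mismatch"
    return True, "ok"


# Constructed sample input: not a real archive or a real setup.ini entry.
SAMPLE = b"constructed package bytes, not a real archive\n"
PATH = "x86_64/release/demo/demo-1.0-1.tar.xz"  # hypothetical path
GOOD_LINE = "install: %s %d %s" % (
    PATH, len(SAMPLE), hashlib.sha512(SAMPLE).hexdigest())
MD5_LINE = "install: %s %d %s" % (PATH, len(SAMPLE), "0" * 32)

if __name__ == "__main__":
    tampered = b"X" + SAMPLE[1:]  # same size, different content
    print(verify_package(SAMPLE, GOOD_LINE))
    print(verify_package(tampered, GOOD_LINE))
    print(verify_package(SAMPLE, MD5_LINE))
```

The same-size tampered input passes the size check and is caught only by the digest comparison.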