On Wed, Mar 03, 2010 at 03:17:52PM +1100, Erik de Castro Lopo wrote:
> Russ Allbery wrote:
> 
> > Wouter Verhelst <wou...@debian.org> writes:
> > 
> > > Or is it useful to be able to say "if it doesn't check out, it's
> > > certainly corrupt, and if it does check out, it may be corrupt"? Didn't
> > > think so.
> > 
> > I don't understand why you say this. Cryptographic attacks on MD5 aren't
> > going to happen as a result of random file corruption. The MD5 checksums
> > are still very effective at finding file corruption or modification from
> > what's in the Debian package unless that modification was done by a
> > sophisticated attacker (MD5 preimage attacks are still not exactly easy).
> > Detecting compromises is useful, but only a small part of what the MD5
> > checksums are useful for.
> 
> If the machine has been compromised, *nothing* on the machine can be
> trusted, whether it's gpg signed or not. However, for detecting corruptions
> and the local sysadmin meddling Russ mentioned, md5sum is more than adequate
Sure, I'm not contesting that.

> and using something 'more secure' than md5sum is overkill.

This is where I disagree. When a checksum algorithm is compromised (and
MD5 *is* compromised), things only ever get worse, not better. Indeed,
MD5 preimage attacks are pretty hard *today*. But switching to something
more secure in preparation for the day when MD5 will be easily cracked by
every script kiddo around is *not* overkill.

-- 
The biometric identification system at the gates of the CIA headquarters
works because there's a guard with a large gun making sure no one is trying
to fool the system.
	http://www.schneier.com/blog/archives/2009/01/biometrics.html

Archive: http://lists.debian.org/20100303104725.ga18...@celtic.nixsys.be
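The point both sides of the thread agree on, that a checksum catches random corruption no matter how weak the hash is cryptographically, can be shown with a small verifier. This is an added example, not code from the thread or from dpkg; it assumes a manifest layout modelled on dpkg's *.md5sums files (hex digest, two spaces, path relative to the install root), infers MD5 or SHA-256 from the digest length, and uses a constructed sample file rather than a real package.

```python
import hashlib
import os
import tempfile

# Assumed manifest format, modelled on dpkg's *.md5sums files: one
# "<hexdigest>  <path relative to root>" per line (constructed for this example).
ALGO_BY_DIGEST_LENGTH = {32: "md5", 64: "sha256"}


def parse_manifest(text):
    """Return [(algorithm, hexdigest, relative path)] for each manifest line."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            digest, rel = line.split("  ", 1)
            entries.append((ALGO_BY_DIGEST_LENGTH[len(digest)], digest.lower(), rel))
    return entries


def file_digest(path, algo):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(root, manifest_text):
    """Return [(relative path, algorithm)] for every entry whose digest differs."""
    return [(rel, algo) for algo, expected, rel in parse_manifest(manifest_text)
            if file_digest(os.path.join(root, rel), algo) != expected]


def corruption_demo():
    """Flip one bit of an installed file; MD5 and SHA-256 manifests both flag it."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "usr", "bin", "tool")
        os.makedirs(os.path.dirname(path))
        with open(path, "wb") as f:
            f.write(b"constructed sample binary contents\n" * 100)
        manifest = "".join("%s  usr/bin/tool\n" % file_digest(path, a)
                           for a in ("md5", "sha256"))
        before = verify(root, manifest)          # clean install: no mismatches
        with open(path, "r+b") as f:             # simulate random corruption
            f.seek(100)
            byte = f.read(1)[0]
            f.seek(100)
            f.write(bytes([byte ^ 0x01]))
        after = verify(root, manifest)           # both entries now mismatch
        return before, after
```

What the digest length does not tell you is whether a deliberate modification could be hidden; for that the thread's distinction between collision and preimage resistance applies, and only the stronger hash keeps the margin as attacks improve.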