---------- Forwarded message ----------
From: Robert Tomsick <rob...@tomsick.net>
Date: Mon, Jan 3, 2011 at 7:52 PM
Subject: Re: Fwd: Fwd: question regarding verification of a debian installation iso
To: Naja Melan <najame...@gmail.com>

On Mon, 2011-01-03 at 19:23 +0100, Naja Melan wrote:
> If the author of such instructions
> would be forced to justify say md5, I am quite confident that md5 would
> instantly be scrapped and replaced by better algorithm and we would
> instantly already have better and safer instructions.

Given the attacks on MD5, it's useful as a check against corruption but basically useless against tampering. Implicitly suggesting otherwise (such as by presenting MD5 hashes as an alternative to SHA/RIPEMD hashes) is IMHO a rather bad idea, especially since the folks who need instructions on its use are likely to be unaware of its flaws. Still, this is a relatively minor issue since Debian also provides SHA-1 hashes alongside the MD5 ones.

As far as the problem of trust, I really don't understand why HTTPS isn't the default for the page(s) serving the checksums. Yes, there are still a ton of ways that the sums could be altered (compromise of project servers, CA coercion/negligence + MITM, shadowy cabals, etc.) -- but that doesn't mean that we shouldn't try to raise the bar for attackers!

Naja makes a good point: right now the only requirement to compromise a novice user's installation is to be able to conduct some form of MITM on their connection. If they're not a GPG user and download a Debian ISO over, say, a publicly-accessible wireless network or a sniffable LAN they're basically screwed -- at that point they've got to bank on not being worth attacking. Now it's true that that could be a pretty safe bet (it is for me) -- but I don't think it's one that we should force novice users to make.
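
Added example, not part of the forwarded message: a Python sketch of the argument above, classifying what a checksum comparison actually proves depending on the digest algorithm and on how the checksum file was obtained. The file name, the sample bytes and the `sums_authenticated` flag (standing in for a verified GPG signature on the checksum file, or a fetch over HTTPS) are assumptions, and SHA-256 is used only for illustration.

```python
import hashlib

# Digests this sketch refuses to treat as tamper evidence (MD5, per the message).
WEAK = {"md5"}

NAME = "installer.iso"  # hypothetical file name
GENUINE = b"constructed stand-in for the real image"
MODIFIED = b"constructed stand-in for a modified image"


def make_sums(files: dict, algo: str = "sha256") -> str:
    """Build a coreutils-style checksum file: '<hex>  <name>' per line."""
    return "".join(f"{hashlib.new(algo, data).hexdigest()}  {name}\n"
                   for name, data in files.items())


def check(image: bytes, name: str, sums_text: str, algo: str = "sha256",
          sums_authenticated: bool = False) -> str:
    """Return 'no-entry', 'mismatch', 'intact-only' or 'verified'."""
    expected = {}
    for line in sums_text.splitlines():
        digest, _, fname = line.partition("  ")
        if digest and fname:
            expected[fname] = digest.lower()
    if name not in expected:
        return "no-entry"
    if hashlib.new(algo, image).hexdigest() != expected[name]:
        return "mismatch"
    # A match only rules out tampering if the checksum file itself was
    # authenticated (assumption: signature verified or fetched over HTTPS)
    # and the digest resists deliberate collisions.
    if algo in WEAK or not sums_authenticated:
        return "intact-only"
    return "verified"


def scenarios() -> dict:
    genuine_sums = make_sums({NAME: GENUINE})
    return {
        # Byte damaged in transit, honest checksum file: caught.
        "corruption": check(GENUINE[:-1] + b"?", NAME, genuine_sums),
        # Image and checksum file both replaced on the same plain-HTTP path.
        "both_replaced_http": check(MODIFIED, NAME, make_sums({NAME: MODIFIED})),
        # Image replaced, checksum file obtained over an authenticated path.
        "image_replaced_auth_sums": check(MODIFIED, NAME, genuine_sums,
                                          sums_authenticated=True),
        "genuine_auth_sums": check(GENUINE, NAME, genuine_sums,
                                   sums_authenticated=True),
        "genuine_md5": check(GENUINE, NAME, make_sums({NAME: GENUINE}, "md5"),
                             "md5", sums_authenticated=True),
    }
```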