Hi,

On Tuesday, 04.03.2008, at 19:25 -0800, Alexander Sotirov wrote:
> On Mon, Mar 03, 2008 at 09:02:59PM +0100, Andreas Köhler wrote:
> > As you can see the GnuCash 2.2.4 release announcement contained md5sums
> > and was signed with my private gpg key. I hope that is better than
> > before.
>
> This is certainly better than nothing, but the MD5 algorithm has been broken
> and should not be used in the way you're using it. An MD5 collision attack can
> be used to generate two tar.gz files with different contents and the same MD5
> hash. Even if a user verifies your signature of the release announcement and
> checks the MD5 signature, there is no guarantee that the file has not been
> replaced with a malicious one.

Two tar.gz files with the same MD5 checksum are not necessarily dangerous per se, unless you think that I distribute a pair of good and bad tarballs :-D Even rainbow tables would only help to recover the plain source code ;-)

> See http://www.mathstat.dal.ca/~selinger/md5collision/ for more details.
>
> Instead of signing the MD5 hashes, you should sign the tar.gz files with:

Why *should* I? Of course, I could, but an open question for me is the benefit. Once we put in strong cryptography, the focus will move to another point that might look attractive to a potential attacker. In the end, I think it might even now be more feasible to try to hack into gnucash.org or my computer and muddle things up there than trying to generate tarballs or win32 executables to a given md5 checksum.

All I do is check out from the central repository and use what is found here at /usr/bin/make to create two files. That is what you can do as well and then you would have an even better "security" than what I can provide you with.

But maybe I just do not understand the issue.

-- 
andi5
_______________________________________________
gnucash-devel mailing list
gnucash-devel@gnucash.org
https://lists.gnucash.org/mailman/listinfo/gnucash-devel