On Mon, Jul 25, 2005 at 01:38:01PM +0200, [EMAIL PROTECTED] wrote:
> MD5 is broken like rmd160 and sha1. But to make an attack vs. all the 3
> algorithms seems to be impossible (for now..).
> And it's much harder to not change e.g. the file-size if you created a
> collision against all of the algorithms (worst-case).
>
> I hope I was able to explain why just MD5 isn't enough to make sure
> that nothing's happened with the files.
> And even if I was not able to explain it, it shouldn't be that problem to
> include rmd160 and sha1 checksums too (and if you've some time left maybe
> also the file-size?).
For now, MD5 is still enough. No-one is still able to compute an arbitrary
pre-image from a given MD5.

What's currently feasible is to create two files which yield the same MD5,
but this relies on both files containing a very specific, tailored,
engineered, contiguous sequence of 1024 bytes.

So, for now, no-one knows how to replace a valid file with another file with
the same MD5, unless they happen to have created *both* files...

... which means that the attacker *is* the software distributor.

A very valid threat, but which does not apply at all to the OpenBSD basic
distribution right now.

The ports tree is another matter, especially distfiles handling, where some
software distributor can be the attacker, which is the reason why you can
decide to re-check rmd160 instead of sha1, for instance, if you have any
doubts.

We provide the data, no automated means to check, but that's something you
can still trivially do.

cd /usr/ports && PREFERRED_CIPHERS=rmd160 make checksum

will check a full ports tree against rmd160.
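The reply's point is that the data for re-checking (MD5, RMD160, SHA1 lines per distfile, plus a SIZE line) is already recorded, and that the user picks which digest to trust. The script below is an added illustration of that check, written for this page and not part of the thread or of the ports infrastructure: it builds a distinfo-style record for a constructed sample file, then verifies a downloaded copy against it with a chosen preferred digest, and flags both a same-size substitution and a truncation. The record format imitates the `LABEL (file) = value` layout; the label-to-hashlib mapping and the function names are my own. RMD160 is reported as "unavailable" rather than failing silently when the local OpenSSL build lacks ripemd160.

```python
import hashlib

# distinfo labels as used on the page, mapped to hashlib algorithm names (mapping is mine).
ALGOS = {"MD5": "md5", "RMD160": "ripemd160", "SHA1": "sha1"}


def digest(label, data):
    """Hex digest for one distinfo label, or None if this hashlib build lacks the
    algorithm (ripemd160 is 'legacy' in OpenSSL 3 and may be missing)."""
    try:
        h = hashlib.new(ALGOS[label])
    except ValueError:
        return None
    h.update(data)
    return h.hexdigest()


def make_distinfo(name, data):
    """Distributor side: record every available digest plus the file size.
    Constructed format modelled on 'LABEL (file) = value' lines."""
    lines = []
    for label in ALGOS:
        d = digest(label, data)
        if d is not None:
            lines.append(f"{label} ({name}) = {d}")
    lines.append(f"SIZE ({name}) = {len(data)}")
    return "\n".join(lines) + "\n"


def parse_distinfo(text):
    """Parse 'LABEL (file) = value' lines into {file: {LABEL: value}}."""
    records = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        head, _, value = line.partition(" = ")
        label, _, rest = head.partition(" (")
        name = rest.rstrip(")")
        records.setdefault(name, {})[label] = value.strip()
    return records


def verify(distinfo_text, name, data, preferred="SHA1"):
    """User side: check SIZE and the preferred digest first, then every other
    recorded digest. Returns (ok, report); ok requires the preferred digest to
    actually match, so asking for an unavailable algorithm is a failure, not a pass."""
    rec = parse_distinfo(distinfo_text).get(name)
    if rec is None:
        return False, {"error": "no record for " + name}
    report = {}
    if "SIZE" in rec:
        report["SIZE"] = "ok" if int(rec["SIZE"]) == len(data) else "MISMATCH"
    order = [preferred] + [l for l in ALGOS if l != preferred]
    for label in order:
        if label not in rec:
            continue
        d = digest(label, data)
        if d is None:
            report[label] = "unavailable"
        elif d == rec[label]:
            report[label] = "ok"
        else:
            report[label] = "MISMATCH"
    ok = report.get(preferred) == "ok" and all(
        v in ("ok", "unavailable") for v in report.values()
    )
    return ok, report


if __name__ == "__main__":
    # Constructed sample distfile; real distinfo data comes from the ports tree.
    good = b"hello world"
    record = make_distinfo("foo-1.0.tar.gz", good)
    print(record)
    print(verify(record, "foo-1.0.tar.gz", good, preferred="RMD160"))
    print(verify(record, "foo-1.0.tar.gz", b"hello w0rld"))   # same size, different bytes
    print(verify(record, "foo-1.0.tar.gz", b"hello"))          # truncated download
```

Because the distributor writes the record and the user checks it, the script also makes the reply's caveat concrete: if the distributor is the attacker, every digest in the record was produced from the malicious file, and no amount of checking on the receiving end can detect that.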