Foiling MITM attacks on source and ports trees
rwmaillists at googlemail.com
Sun Jan 4 00:20:32 UTC 2009
On Sat, 3 Jan 2009 19:46:59 +0100
cpghost <cpghost at cordula.ws> wrote:
> On Sat, Jan 03, 2009 at 01:38:25AM +0000, RW wrote:
> > On Fri, 02 Jan 2009 17:30:12 +0000
> > Vincent Hoffman <vince at unsane.co.uk> wrote:
> > > Admittedly this doesn't give a file by file checksum
> > That's not really a problem, it's no easier to create a collision
> > in a .gz file than a patch file.
> > The more substantial weakness is that the key is verified against a
> > hash stored on the original installation media. If someone went to
> > the trouble of diverting dns or routing to create a fake FreeBSD
> > site they would presumably make it self-consistent down to the ISO
> > checksums.
> That's why I suggested that the list of checksums be digitally signed
> by a private key belonging to The FreeBSD Project. It is assumed that
> getting the corresponding public key would be possible by other means
> not susceptible to MITM attacks (e.g. through endless replication all
> over the net, fingerprint in books etc...).
My point is that having signed updates etc (which is essentially what
freebsd-update and portsnap do) is undermined if the original iso is not
obtained securely. Currently that appears to be the weakest link.
More information about the freebsd-questions