Report of collision-generation with MD5
Mohacsi Janos
mohacsi at niif.hu
Thu Aug 26 00:34:35 PDT 2004
On Wed, 25 Aug 2004, Scott Gerhardt wrote:
>
>>
>> On 18-Aug-2004 Mike Tancsa wrote:
>>> As I have no crypto background to evaluate some of the (potentially wild
>>> and erroneous) claims being made in the popular press* (eg
>>> http://news.com.com/2100-1002_3-5313655.html see quote below), one thing
>>> that comes to mind is the safety of ports. If someone can pad an archive
>>> to come up with the same MD5 hash, this would challenge the security of
>>> the FreeBSD ports system no ?
>>
>> I _believe_ answer is "no", because i _think_ the FreeBSD ports system also
>> verify the size of the archive(s) (cat /usr/ports/any/any/distinfo to see
>> what made me think that).
>>
>> Padding would modify archive size. Finding a backdoored version that both
>> satisfy producing the same hash and being the same size is probably not
>> impossible, but how many years would it take ?
>>
>>
>> Now, i may be wrong. Any enlightement welcome.
>>
>> --
>> Guy
>> _______________________________________________
>>
>
> Why not adopt the OpenBSD method for ports. OpenBSD supplies 3 hash/digests
> for downloaded binaries and sources. Those OpenBSD guys leave nothing to
> chance.
>
> ports/databases/postgresql] scott% cat distinfo
> MD5 (postgresql-7.3.5.tar.gz) = ef2751173050b97fad8592ce23525ddf
> RMD160 (postgresql-7.3.5.tar.gz) = 83d5f713d7bfcf3ca57fb2bcc88d052982911d73
> SHA1 (postgresql-7.3.5.tar.gz) = fbdab6ce38008a0e741f8b75e3b57633a36ff5ff
I would also opt for having (by default) additional hash algorithms. I
would prefer using method of NetBSD: using an external program called
digest ( see security/digest port) to select the algorithms. Oliver
Eikemeier is working a ports building infrastructure and I think it would
be a good idea to this new infrastructure would support multiple hash
algorithm. The most easiest way would be to define a knob like
PREFERED_HASH that would list the algorithms that system would prefer,
and REQUIRED_HASH that would be required to checked:
- makesum should generate all the PREFERED_HASH
- fetch should fail if any of the REQUIRED_HASH failed
additional bit to NetBSD digest should be extended to have SIZE "hash" -
this is only for simplification of bsd.port.mk rules.
Today setup would be:
PREFERED_HASH= MD5 SIZE
REQUIRED_HASH= MD5 SIZE (except when NO_SIZE defined)
Janos Mohacsi
Network Engineer, Research Associate
NIIF/HUNGARNET, HUNGARY
Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98
More information about the freebsd-security
mailing list