On Sat, 2014-01-11 at 23:09 -0700, Taylor Hornby wrote:
I noticed that the TrueCrypt package is downloaded over an insecure FTP connection and then only verified using MD5 hashes.
https://projects.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=p...
There are practical collision attacks against MD5. This means an adversary (e.g. the NSA) can construct two versions of the truecrypt binaries, one malicious and one not, which have the same MD5 hash. They can silently replace the file being downloaded with the malicious version and the change will not be detected.
This should be fixed to use SHA256 hashes, like the Firefox package:
https://projects.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=p...
How can I help make it use SHA256 instead of MD5? I'm relatively new to arch, so I'm not familiar with what it takes to change something in the repos. Any advice would be appreciated.
Are there other packages still being verified with MD5? Can we fix them too? I'll gladly donate my time if it's not something that can be automated.
Thanks,
Salutations! Perhaps I'm not strong enough in mathematics but I'd like to know how possible md5 collisions can be weaponized. From what I see, the idea would be to modify a binary such that it contains malicious code (without changing the md5sum). Since most security packages contain a number of compilation tests and md5 hashes vary significantly with slight modifications, I'd like to know how these collisions can be used to hijack a system. If one has to build a binary that doesn't even encompass the functionality of the binary it's trying to mimic, wouldn't that severely decrease the effectiveness of a hash collision? Regards, Mark -- Mark Lee <mark@markelee.com>