On 20/02/15 12:54 PM, Florian Pelz wrote:
On 02/20/2015 04:51 PM, Daniel Micay wrote:
PKGBUILD checksums provide *zero*, yes *zero* security for the case that matters most, which is the build done by the packager. It does provide the ability for other people to verify that a MITM attack was not used to target a specific packager... but that is far, far less likely than a compromise of the sources on the upstream server and it can't do anything about that.
I guess the likelihood depends on who the attacker and what their motive is, but you are probably right. Still, checksums improve security in cases that can matter if there is no better verification from upstream.
That said, if the security is verified another way, is there no need to use SHA256 rather than MD5, because the latter should be enough for ensuring there are no download errors?
Security is provided by signatures. The hashes don't provide security for the official packages, only an audit trail at best and only for detecting a MITM attack, not an upstream compromise. The hashes are also redundant in an --allsource package.
Trust in certificate authorities is trust in many corporations and governments around the world. It's trust in tends of thousands of individuals with the ability to sign whatever they want. An attacker with the ability to perform a targeted MITM attack on a specific Arch developer likely has the ability to sign whatever they want.
Any certificate authority caught signing fraudulent certificates would no longer be trusted. They surely can, but they would not want to. Unless you are an extremely high value target, I think CAs can be trusted.
So why are Comodo and TurkTrust still trusted, among others? Anyway, they can get away with quite a lot before getting caught - if they ever are. I'm not sure why you would be worried about an extremely niche targeted attack on Arch Linux but not this.