[arch-general] Packages Verified with MD5
mark at markelee.com
Sun Jan 12 12:11:44 EST 2014
On Sat, 2014-01-11 at 23:09 -0700, Taylor Hornby wrote:
> I noticed that the TrueCrypt package is downloaded over an insecure FTP
> connection and then only verified using MD5 hashes.
> There are practical collision attacks against MD5. This means an
> adversary (e.g. the NSA) can construct two versions of the truecrypt
> binaries, one malicious and one not, which have the same MD5 hash. They
> can silently replace the file being downloaded with the malicious
> version and the change will not be detected.
> This should be fixed to use SHA256 hashes, like the Firefox package:
> How can I help make it use SHA256 instead of MD5? I'm relatively new to
> arch, so I'm not familiar with what it takes to change something in the
> repos. Any advice would be appreciated.
> Are there other packages still being verified with MD5? Can we fix them
> too? I'll gladly donate my time if it's not something that can be automated.
Perhaps I'm not strong enough in mathematics but I'd like to know how
possible md5 collisions can be weaponized. From what I see, the idea
would be to modify a binary such that it contains malicious code
(without changing the md5sum). Since most security packages contain a
number of compilation tests and md5 hashes vary significantly with
slight modifications, I'd like to know how these collisions can be used
to hijack a system. If one has to build a binary that doesn't even
encompass the functionality of the binary it's trying to mimic, wouldn't
that severely decrease the effectiveness of a hash collision?
Mark Lee <mark at markelee.com>
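
The question raised in the quoted message, whether other packages are still verified only with MD5, can be checked per PKGBUILD without executing it. The script below is an added example, not part of either message or of Arch's own tooling; the function names, finding labels and the sample PKGBUILD are constructed for illustration, and the array matching is a text heuristic.

```shell
#!/bin/sh
# Added example: text-only audit of a PKGBUILD. The file is never sourced,
# because a PKGBUILD is a shell script and sourcing it would execute it.

# Print the lines of every source=( ... ) array, including multi-line ones.
source_block() {
    awk '/^[ \t]*source(_[A-Za-z0-9_]+)?=\(/ { in_src = 1 }
         in_src { print }
         in_src && /\)/ { in_src = 0 }' "$1"
}

# has_sums ALGO_REGEX FILE: true if FILE declares a matching <algo>sums array.
has_sums() {
    grep -Eq "^[[:space:]]*($1)sums(_[A-Za-z0-9_]+)?=" "$2"
}

# Print one finding per line; return 1 if there was any finding, else 0.
audit_pkgbuild() {
    f=$1; findings=0
    url_re="(ftp|http)://[^\"' )]+"   # plaintext schemes; https:// does not match
    if ! has_sums 'sha256|sha384|sha512' "$f"; then
        if has_sums 'md5' "$f"; then
            echo "md5-without-sha2"
        else
            echo "no-sha2-array"
        fi
        findings=1
    fi
    urls=$(source_block "$f" | grep -Eo "$url_re" || true)
    if [ -n "$urls" ]; then
        printf '%s\n' "$urls" | sed 's/^/plaintext-source /'
        findings=1
    fi
    return "$findings"
}

# Constructed sample input (not a real package).
sample_weak() {
    cat <<'EOF'
pkgname=example-pkg
url="http://example.org/"
source=("ftp://ftp.example.org/pub/example-1.0.tar.gz"
        "example.desktop")
md5sums=('00000000000000000000000000000000'
         '11111111111111111111111111111111')
EOF
}

t=$(mktemp) && sample_weak > "$t" && { audit_pkgbuild "$t" || true; }; rm -f "$t"
```

Only URLs inside the `source` array are reported, so the `url=` homepage line in the sample is ignored.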