[arch-general] Packages Verified with MD5

Mark Lee mark at markelee.com
Sun Jan 12 12:11:44 EST 2014

On Sat, 2014-01-11 at 23:09 -0700, Taylor Hornby wrote:
> I noticed that the TrueCrypt package is downloaded over an insecure FTP
> connection and then only verified using MD5 hashes.
> https://projects.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/truecrypt
> There are practical collision attacks against MD5. This means an
> adversary (e.g. the NSA) can construct two versions of the truecrypt
> binaries, one malicious and one not, which have the same MD5 hash. They
> can silently replace the file being downloaded with the malicious
> version and the change will not be detected.
> This should be fixed to use SHA256 hashes, like the Firefox package:
> https://projects.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/firefox
> How can I help make it use SHA256 instead of MD5? I'm relatively new to
> arch, so I'm not familiar with what it takes to change something in the
> repos. Any advice would be appreciated.
> Are there other packages still being verified with MD5? Can we fix them
> too? I'll gladly donate my time if it's not something that can be automated.
> Thanks,


Perhaps I'm not strong enough in mathematics but I'd like to know how
possible md5 collisions can be weaponized. From what I see, the idea
would be to modify a binary such that it contains malicious code
(without changing the md5sum). Since most security packages contain a
number of compilation tests and md5 hashes vary significantly with
slight modifications, I'd like to know how these collisions can be used
to hijack a system. If one has to build a binary that doesn't even
encompass the functionality of the binary it's trying to mimic, wouldn't
that severely decrease the effectiveness of a hash collision?

Mark Lee <mark at markelee.com>
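Added example, not part of either message above: a Python sketch of how the quoted question "Are there other packages still being verified with MD5?" could be automated, by flagging PKGBUILDs whose only checksum arrays are MD5/SHA-1, that use `SKIP`, or that fetch sources over FTP/HTTP. The function name `audit_pkgbuild`, the heuristic text parsing (no bash evaluation) and both sample PKGBUILDs (package name, `example.org` URLs, hashes of the empty string) are constructed for illustration.

```python
import re

WEAK = {"md5", "sha1"}          # practical collision attacks exist for both
STRONG = {"sha224", "sha256", "sha384", "sha512", "b2"}
ARRAY_RE = re.compile(r"^\s*(\w+)=\((.*?)\)", re.M | re.S)   # name=( ... )
SUMS_RE = re.compile(r"^(md5|sha1|sha224|sha256|sha384|sha512|b2)sums(?:_\w+)?$")
ITEM_RE = re.compile(r"""'([^']*)'|"([^"]*)"|(\S+)""")      # quoted or bare word

def audit_pkgbuild(text):
    """Return sorted findings for one PKGBUILD (heuristic parse, no bash eval)."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)          # drop full-line comments
    algos, findings = set(), set()
    for name, body in ARRAY_RE.findall(text):
        items = [a or b or c for a, b, c in ITEM_RE.findall(body)]
        sums = SUMS_RE.match(name)
        if sums:                                      # e.g. md5sums, sha256sums_x86_64
            algos.add(sums.group(1))
            if "SKIP" in items:                       # makepkg skips that file's check
                findings.add("checksum-skipped")
        elif name == "source" or name.startswith("source_"):
            # entries may be "url" or "filename::url"
            if any(re.search(r"(?:^|::)(?:ftp|http)://", i) for i in items):
                findings.add("plaintext-transport")
    if algos & WEAK and not algos & STRONG:           # no collision-resistant hash at all
        findings.add("weak-hash-only")
    return sorted(findings)

# Constructed sample: the situation described in the quoted message (FTP + MD5 only).
LEGACY = """\
pkgname=examplepkg
source=("ftp://ftp.example.org/pub/${pkgname}-1.0.tar.gz"
        'fix-build.patch')
md5sums=('d41d8cd98f00b204e9800998ecf8427e'
         'SKIP')
"""

# Constructed sample: same package fetched over HTTPS and pinned with SHA-256.
HARDENED = """\
pkgname=examplepkg
source=("https://example.org/pub/${pkgname}-1.0.tar.gz")
sha256sums=('e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855')
"""

if __name__ == "__main__":
    for label, text in (("legacy", LEGACY), ("hardened", HARDENED)):
        print(label, audit_pkgbuild(text))
```

Run over a checkout of the packaging tree by calling `audit_pkgbuild` on each PKGBUILD's contents; a hit is a prompt for manual review, since the parser does not expand bash variables or command substitutions.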
