[arch-general] Severity of Failed checksum for PKGBUILD

Dolan Murvihill dmurvihill at gmail.com
Fri Feb 20 18:22:57 UTC 2015


On Fri, Feb 20, 2015 at 06:54:10PM +0100, Florian Pelz wrote:
> On 02/20/2015 04:51 PM, Daniel Micay wrote:
> > PKGBUILD checksums provide *zero*, yes *zero* security for the case
> > that matters most, which is the build done by the packager. It does
> > provide the ability for other people to verify that a MITM attack
> > was not used to target a specific packager... but that is far, far
> > less likely than a compromise of the sources on the upstream server
> > and it can't do anything about that.
> > 
> 
> I guess the likelihood depends on who the attacker is and what their
> motive is, but you are probably right. Still, checksums improve
> security in cases that can matter if there is no better verification
> from upstream.
> 
> That said, if the security is verified another way, is there no need
> to use SHA256 rather than MD5, because the latter should be enough for
> ensuring there are no download errors?
> 
> > Trust in certificate authorities is trust in many corporations and
> > governments around the world. It's trust in tens of thousands of
> > individuals with the ability to sign whatever they want. An
> > attacker with the ability to perform a targeted MITM attack on a
> > specific Arch developer likely has the ability to sign whatever
> > they want.
> > 
> 
> Any certificate authority caught signing fraudulent certificates would
> no longer be trusted. They surely can, but they would not want to.
> Unless you are an extremely high value target, I think CAs can be trusted.
> 
> Greetings,
> Florian

CAs can issue, and have deliberately issued, fraudulent certificates. TrustWave is
the only one that has been discovered doing this --- and that, only because
they came forward on their own years after the fact. The security community
generally agrees that many, many of the less reputable CAs have done or are
doing this. TrustWave is, by the way, still trusted.

In addition, there have been many, many fraudulent certificates issued by CAs
that were not keeping their network secure. Such CAs rarely have their trust
revoked in practice.

The bottom line is that the CA network is large and complex, and your browser
trusts thousands of CAs all over the world, including some that are... erm...
sketchy. You seem to have an awful lot of confidence, considering the size of
that attack surface.

I'd be happy to continue this discussion, but we should split it into a
separate topic.

-Dolan
