Verifying file integrity with "MD5 signatures" (was: Linux Mint (Cinnamon 17.3 ONLY) hacked on Saturday)
Joshua Judson Rosen
rozzin at hackerposse.com
Wed Feb 24 17:52:10 EST 2016
On 02/21/2016 06:49 PM, Ted Roche wrote:
> According to
>
> http://fossforce.com/2016/02/linux-mint-hacked-iso-for-17-3-cinnamon-edition-modified/
>
> Original web site posting here:
>
> http://blog.linuxmint.com/?p=2994
>
> Be careful out there.

And he says "check its MD5 signature".... So many things wrong with that.

But I notice that there are also sha256sum files, alongside the md5sum files--
and those sha256sum files also have OpenPGP signatures that can be checked
with GnuPG to actually verify their source. I'd say it's advisable to actually
*ignore the MD5 checksums*, check the sha256sums instead, and actually
verify *the authenticity of the sha256sums* by checking the OpenPGP signatures.

MD5 has been broken for over a decade now..., though I guess MD5 is maybe still
kinda-sorta OK-ish for stuff like this (since the known pre-image attacks are still
kind-of expensive)..., assuming you don't try to `skim' through verifying the checksum
visually (because... <http://www.finnie.org/software/vanityhash/>)....

And assuming that you can actually trust the MD5 checksum. Because MD5 is a checksum,
*not a signature*.

Can we trust the checksums (at least the ones given in the blog post)
haven't been compromised? Who knows? It's actually a little scary to see
a blog-post that says `someone broke into my server and changed stuff,
but this web page is still trustworthy'. Looks like they are actually
different servers, at least.

Using actual *signatures* should let us bypass pretty much all of these uncertainties.
At least, it would if he was using a strong signing key with a strong signing
hash.... He's actually using an old DSA key with SHA-1. D'oh.

I guess it could be a lot worse, e.g.:
http://rdist.root.org/2009/05/17/the-debian-pgp-disaster-that-almost-was/

If you're ever in a position to use hashes/checksums in your own project,
check out the "Lifetimes of popular cryptographic hashes" chart first:
http://valerieaurora.org/hash.html

And then check back regularly :)

--
"Don't be afraid to ask (λf.((λx.xx) (λr.f(rr))))."
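
Added example, not part of the original message and not Linux Mint's own tooling: one way to script the order of checks the message recommends, signature on the sha256sum file first, then the full SHA-256 of the download. It reads the `VALIDSIG` line from `gpg --status-fd` output so the signing key can be pinned and a weak signing hash such as SHA-1 reported. The function names, the sample fingerprint and the sample status line are constructed for illustration.

```python
import hashlib, hmac, os, subprocess

WEAK_HASHES = {1: "MD5", 2: "SHA-1", 3: "RIPEMD-160"}  # OpenPGP hash algorithm IDs
# Constructed sample: a VALIDSIG status line for a DSA (17) key signing with SHA-1 (2).
SAMPLE_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # placeholder, not a real key
SAMPLE_STATUS = "[GNUPG:] VALIDSIG %s 2016-02-24 1456354330 0 4 0 17 2 00 %s" % (SAMPLE_FPR, SAMPLE_FPR)

def check_signature(status_text, pinned_fpr):
    """Accept only a valid signature made by the pinned key; report a weak signing hash."""
    for line in status_text.splitlines():
        f = line.split()
        if len(f) >= 11 and f[:2] == ["[GNUPG:]", "VALIDSIG"]:
            fpr = (f[11] if len(f) > 11 else f[2]).upper()  # primary key fingerprint
            if fpr != pinned_fpr.replace(" ", "").upper():
                return False, "signed by unexpected key " + fpr
            weak = WEAK_HASHES.get(int(f[9]))  # f[8] is the public-key algorithm ID
            return True, ("valid, but signed with " + weak) if weak else "valid"
    return False, "no valid signature"

def manifest_digest(manifest_text, filename):
    """Find filename in sha256sum-format text: '<hex>  <name>' or '<hex> *<name>'."""
    for line in manifest_text.splitlines():
        digest, _, name = line.partition(" ")
        if name.lstrip(" *") == filename:
            return digest.lower()
    return None

def file_matches(path, expected_hex):
    """Compare the file's full SHA-256 digest; no comparing a few characters by eye."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return expected_hex is not None and hmac.compare_digest(h.hexdigest(), expected_hex)

def verify_download(iso, manifest, sig, pinned_fpr):
    """Signature first, hash second: the manifest is trusted only once its signature checks out."""
    gpg = subprocess.run(["gpg", "--status-fd", "1", "--verify", sig, manifest],
                         capture_output=True, text=True)
    ok, note = check_signature(gpg.stdout, pinned_fpr)
    if not ok:
        return False, note
    with open(manifest) as fh:
        expected = manifest_digest(fh.read(), os.path.basename(iso))
    return file_matches(iso, expected), note
```

The pinned fingerprint has to come from somewhere other than the server that hosts the download, otherwise it is no more trustworthy than the checksum file itself.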