Date:      Mon, 12 Mar 2001 13:59:36 +0200
From:      Maxim Sobolev <sobomax@FreeBSD.org>
To:        Trevor Johnson <trevor@jpj.net>
Cc:        Kris Kennaway <kris@obsecurity.org>, ports@FreeBSD.org, Alistair Crooks <agc@pkgsrc.org>
Subject:   Re: new message digest support in pkgsrc (fwd)
Message-ID:  <3AACBA28.FA288681@FreeBSD.org>
References:  <20010312052254.X2937-100000@blues.jpj.net>

Trevor Johnson wrote:

> > > A scheme has been described which is computationally expensive but not
> > > infeasible.  See the references I gave.
> >
> > I did not mean an md5 attack; I meant a scheme of attack using a trojaned distfile specially tailored in such a way
> > that its md5 checksum matches the original one. This attack, while possible in principle, has the following
> > difficulties that turn its possibility close to 0:
> >
> > - the attacker should specially tailor the trojaned distfile to have the same checksum as the original one (md5 attack);
> >
> > - the attacker should put the trojaned distfile onto one of the MASTER_SITES;
>
> This is as difficult as opening an account at sourceforge.net, tripod.com,
> nbci.com, or geocities.com, and starting a software project which a
> FreeBSD committer will consider worth adding to the ports collection.
> Someone capable of breaking MD5 would surely have no difficulty.

Please think about it again: in the case when the author is in fact the attacker, he would not have to break md5 to get his
code onto users' machines. How many FreeBSD port maintainers read every single line of code/configure
scripts/makefiles/whatever in the new version of software to detect possible trojans? A stronger checksum will not
help in this case, sorry.

> > - the attacker should ensure somehow that the victim will fetch the trojaned distfile from that site;
>
> It is almost a matter of course that the master site is listed in
> MASTER_SITES, so this was taken care of already.

See above.

> > - the attacker should ensure that the victim will build that package.
>
> Well, the attacker may not have a particular victim in mind.  Perhaps his
> purposes would be served if he had many victims and many unaffected users.
> Then it would be sufficient to let FreeBSD's package-building system
> prepare the package for distribution on CD-ROM, or to choose a software
> license that would prohibit packages from being distributed (perhaps one
> that would prohibit mirroring).  Such licenses do not seem to raise
> suspicion.
>
> If he had a particular victim in mind, and for some reason wanted everyone
> else to be unaffected, then the malicious code could check for something
> particular to that victim's system(s)--its IP address, for example.  Some
> social engineering might be needed in convincing the victim to install the
> package, especially because it would be easiest to create a new software
> project rather than subverting an existing one.  Depending on the hacker's
> goals, the expense of constructing the colliding distfiles might not be
> worthwhile for a single victim (except a large institutional one).
> Another kind of attack would probably be more suitable, for a single
> victim.
>
> If these things were considered truly difficult, we would be using a
> simple CRC check, for example cksum(1), rather than MD5 to check the
> integrity of files.  That would be adequate to detect non-malicious
> changes.

See above. In the case when author == attacker, the checksum algorithm doesn't protect anything; in all other cases MD5
is more than adequate.

-Maxim
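
Added example (not part of the original message, and not FreeBSD or pkgsrc code): a minimal distfile digest check in Python showing the two cases argued in this thread, a file replaced after its digests were recorded and a file that was hostile when the digests were recorded. The "ALGO (file) = hex" line format, the SHA256 second digest, the file name and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import re

# BSD-style digest line (assumed format): "ALGO (name) = hex"
LINE_RE = re.compile(r"^(\w+) \((.+)\) = ([0-9a-f]+)$")


def parse_distinfo(text):
    """Return {filename: {algorithm: hexdigest}} from digest lines."""
    records = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            algo, name, digest = m.groups()
            records.setdefault(name, {})[algo.lower()] = digest
    return records


def verify(name, data, records):
    """True only if every recorded digest for `name` matches `data`."""
    expected = records.get(name)
    if not expected:
        return False  # no recorded digest: refuse rather than trust
    return all(hashlib.new(algo, data).hexdigest() == digest
               for algo, digest in expected.items())


def record(name, data, algos=("md5", "sha256")):
    """Digest lines a maintainer's checksum step would write for `data`."""
    return "\n".join(
        f"{a.upper()} ({name}) = {hashlib.new(a, data).hexdigest()}"
        for a in algos)


# Constructed sample inputs (not real distfiles).
NAME = "foo-1.0.tar.gz"
GOOD = b"int main(void) { return 0; }\n"
SWAPPED = b"int main(void) { return 1; }\n"       # changed on a mirror later
BAD_UPSTREAM = b"/* hostile from the start */\n"  # what the author shipped

if __name__ == "__main__":
    recs = parse_distinfo(record(NAME, GOOD))
    print("unchanged file:", verify(NAME, GOOD, recs))
    print("replaced after recording:", verify(NAME, SWAPPED, recs))
    # Digests recorded from the author's own release match that release,
    # whatever it contains: the check compares bytes, it does not review them.
    recs2 = parse_distinfo(record(NAME, BAD_UPSTREAM))
    print("hostile at recording time:", verify(NAME, BAD_UPSTREAM, recs2))
```
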

