Unsafe ISO-file signatures

8 replies
Liberty
Offline
Joined: 08/05/2013

Hello friends,

Why does Trisquel use the notoriously unsafe MD5 for verification of downloaded ISO-files?

http://cdimage.trisquel.info/trisquel-images/md5sum.txt

And why does the web page where you check the signatures not support HTTPS?

To me it looks like people easily could get tricked into getting a tampered Trisquel installation media by somebody with bad intentions.

Liberty

andrew
Offline
Joined: 04/19/2012

On 15/09/13 20:10, Liberty wrote:
> Hello friends,
>
> Why does Trisquel use the notoriously unsafe MD5 for verification of
> downloaded ISO-files?
>
> http://cdimage.trisquel.info/trisquel-images/md5sum.txt

Yes, this isn't ideal. IMHO GnuPG signatures would be best, maybe
alongside SHA-2 for people who don't use GnuPG.

You could file a bug report:
https://trisquel.info/en/project/issues

Andrew.

Mampir
Offline
Joined: 12/16/2009

There is a detached GnuPG signature for the sums file: http://cdimage.trisquel.info/trisquel-images/md5sum.txt.gpg
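
The two-step check this thread is about (the detached signature on the sums file first, then the image's checksum), as an added example that is not part of any post here and is not Trisquel's own tooling. The function names are hypothetical, and the fingerprint argument is a placeholder for the signing key's fingerprint, which has to be obtained out of band.

```shell
#!/bin/sh
# Added example: function names are hypothetical; the fingerprint passed to
# verify_sums_signature is a placeholder the user must obtain out of band.

# verify_sums_signature SUMS SIG FPR
# Succeeds only if SIG is a valid detached signature over SUMS made by the
# key with fingerprint FPR (matched against gpg's VALIDSIG status line, which
# carries the signing key and, as last field, the primary key fingerprint).
verify_sums_signature() {
    gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        awk -v f="$3" '$2 == "VALIDSIG" && ($3 == f || $NF == f) { ok = 1 }
                       END { exit !ok }'
}

# check_image SUMS IMAGE
# Returns 0 if IMAGE's MD5 equals its entry in SUMS, 1 on mismatch,
# 2 if SUMS has no entry for the file name (names with spaces not handled).
check_image() {
    name=$(basename "$2")
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f)
                                   if (f == n) { print $1; exit } }' "$1")
    [ -n "$expected" ] || { echo "no entry for $name" >&2; return 2; }
    actual=$(md5sum "$2" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# verify_download SUMS SIG FPR IMAGE
# Signature first: the checksum is only meaningful once the sums file itself
# is authenticated, because whoever can alter the image in transit or on the
# server can usually alter an unsigned sums file to match.
verify_download() {
    verify_sums_signature "$1" "$2" "$3" || {
        echo "signature check failed for $1" >&2; return 3; }
    check_image "$1" "$4"
}
```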

Liberty
Offline
Joined: 08/05/2013

It more and more appears to me like security is not a high priority in the distribution. I see a lot of bug reports regarding privacy and security.

andrew
Offline
Joined: 04/19/2012

> It more and more appears to me like security is not of high priority
> in the distribution. I see a lot of bug reports regarding privacy and
> security.

Privacy and security are a priority for Trisquel. However, lack of
development resources can make this difficult. Some package helpers
(e.g. Abrowser) need updating when new packages are released.

I plan on working on the Abrowser package helper in two weeks' time when
I get a week off. Yes, you can hold that against me if I don't end up
doing it. ;-)

I think the increase of privacy/security bug reports might also relate
to the recent NSA disclosures a little bit.

Extra developer resources wouldn't go astray. If you can help at all,
please do.

PS. I'm not a Trisquel developer, nor do I represent Trisquel in any way.

Andrew.

Darksoul71
Offline
Joined: 01/04/2012

@Liberty: MD5 is essentially not unsafe simply because it was possible to produce checksum duplicates. Try to modify any file inside the ISO for a specific purpose and produce a duplicate MD5 checksum which matches the current one. Good luck.....

Not every possible attack vector works in reality, and not everywhere there is smoke is there a fire ;)

Just my two cents,
Holger

ssdclickofdeath
Offline
Joined: 05/18/2013

It sounds like he means a man-in-the-middle attack could change the MD5 checksum.

Darksoul71
Offline
Joined: 01/04/2012

No, he refers directly to MD5 as a hashing algorithm:
...
Why does Trisquel use the notoriously unsafe MD5 for verification of downloaded ISO-files?
...
MD5 is not unsafe simply because people were able to produce different files with identical values (= hash collisions). It simply means that MD5 should be replaced by another hash algorithm in real-world scenarios.

And when it comes to modifying checksums, an MD5 sum as well as a SHA1 sum or a PGP key for verifying the signed ISO are only as safe as the webserver they are stored on.

Hot air...nothing more....

Liberty
Offline
Joined: 08/05/2013

It is a fact that collisions exist in MD5 and the internet is abundant with information about it. Some have even made executables with different contents, with the same MD5 signature. Here is a pretty good explanation:

http://th.informatik.uni-mannheim.de/people/lucks/HashCollisions/

MD5 was compromised in 2004. You can see a pretty neat overview of the different hash functions and their safety here:

http://valerieaurora.org/hash.html