[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cygwin
Subject:    Re: How Cygwin counters man-in-the-middle (MITM) attacks
From:       "David A. Wheeler" <dwheeler () dwheeler ! com>
Date:       2015-03-09 15:34:15
Message-ID: E1YUzh9-0001y1-J6 () rmm6prod02 ! runbox ! com
[Download RAW message or body]

On Sun, 08 Mar 2015 20:44:30 +0100, Achim Gratz <Stromeko@nexgo.de> wrote:
> Setup.ini also records the file size, so a successful attack would need
> to pack a malicous payload into a valid archive of the same size and the
> same MD5 checksum.  I think that is a much taller order than simply
> creating a hash collision.

That is harder, but I wouldn't trust it.

In 2004 it was shown that MD5 is not collision resistant, and the attacks j=
ust keep getting worse.  A quick check at the Wikipedia page about MD5 show=
s the sorry state of MD5.  The Software Engineering Institute (SEI) puts it=
 pretty baldly: MD5 "should be considered cryptographically broken and unsu=
itable for further use".  You want to use known-strong crypto, not known-bu=
sted crypto.

Besides, there are easily-available, much-stronger alternatives, in particu=
lar SHA-2 (SHA-512 is part of SHA-2). It's already supported in the current=
 Cygwin installer.

I recommend that Cygwin switch to SHA-512 soon.  It'll require that everyon=
e update their installer to do future updates, but the installer download h=
as been secured.  Then Cygwin can include in their FAQ a reasonable justifi=
cation that its download and update process is secure.

--- David A. Wheeler

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

[prev in list] [next in list] [prev in thread] [next in thread]