List: cygwin
Subject: Re: How Cygwin counters man-in-the-middle (MITM) attacks
From: "David A. Wheeler" <dwheeler () dwheeler ! com>
Date: 2015-03-09 15:34:15
Message-ID: E1YUzh9-0001y1-J6 () rmm6prod02 ! runbox ! com
On Sun, 08 Mar 2015 20:44:30 +0100, Achim Gratz <Stromeko@nexgo.de> wrote:
> Setup.ini also records the file size, so a successful attack would need
> to pack a malicious payload into a valid archive of the same size and the
> same MD5 checksum. I think that is a much taller order than simply
> creating a hash collision.
That is harder, but I wouldn't trust it.
In 2004 it was shown that MD5 is not collision resistant, and the attacks
just keep getting worse. A quick check at the Wikipedia page about MD5
shows the sorry state of MD5. The Software Engineering Institute (SEI) puts
it pretty baldly: MD5 "should be considered cryptographically broken and
unsuitable for further use". You want to use known-strong crypto, not
known-busted crypto.
Besides, there are easily-available, much-stronger alternatives, in
particular SHA-2 (SHA-512 is part of SHA-2). It's already supported in the
current Cygwin installer.
I recommend that Cygwin switch to SHA-512 soon. It'll require that everyone
update their installer to do future updates, but the installer download
has been secured. Then Cygwin can include in their FAQ a reasonable
justification that its download and update process is secure.
--- David A. Wheeler
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
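
Added example, not part of the original message and not Cygwin's installer code: a sketch of the check discussed in this thread, where an archive is accepted only if both its size and its SHA-512 digest match the package entry, and entries carrying only an MD5-length digest are refused. The `install: <path> <size> <hex digest>` line layout, the package names and the payload are assumptions constructed for illustration, and the sketch assumes the setup.ini text itself has already been authenticated.

```python
import hashlib
import hmac

# Constructed sample in the style of a setup.ini stanza (assumed layout:
# "install: <path> <size> <hex digest>"); not taken from a real mirror.
PAYLOAD = b"constructed package archive bytes\n"
CONSTRUCTED_MD5_STYLE = "0123456789abcdef0123456789abcdef"  # 32 hex chars
SAMPLE_INI = (
    "@ demo-pkg\n"
    "version: 1.0-1\n"
    f"install: x86/release/demo-pkg/demo-pkg-1.0-1.tar.xz {len(PAYLOAD)} "
    f"{hashlib.sha512(PAYLOAD).hexdigest()}\n"
    "\n"
    "@ legacy-pkg\n"
    "version: 0.9-1\n"
    f"install: x86/release/legacy-pkg/legacy-pkg-0.9-1.tar.xz {len(PAYLOAD)} "
    f"{CONSTRUCTED_MD5_STYLE}\n"
)

def parse_install_entries(ini_text):
    """Return {package: (path, size, hex_digest)} from '@' / 'install:' lines."""
    entries, current = {}, None
    for line in ini_text.splitlines():
        if line.startswith("@ "):
            current = line[2:].strip()
        elif line.startswith("install:") and current:
            fields = line.split()[1:]
            if len(fields) != 3 or not fields[1].isdigit():
                raise ValueError(f"malformed install line for {current}")
            entries[current] = (fields[0], int(fields[1]), fields[2].lower())
    return entries

def verify_archive(data, size, hex_digest):
    """Accept only a size match plus a SHA-512 match; refuse weaker digests."""
    if len(hex_digest) != 128:  # 128 hex chars = 512 bits; MD5 would be 32
        return "rejected: digest is not SHA-512"
    if len(data) != size:
        return "rejected: size mismatch"
    actual = hashlib.sha512(data).hexdigest()
    if not hmac.compare_digest(actual, hex_digest):
        return "rejected: SHA-512 mismatch"
    return "ok"

def check(package, data, ini_text=SAMPLE_INI):
    """Look up a package's entry and verify the given archive bytes against it."""
    _path, size, digest = parse_install_entries(ini_text)[package]
    return verify_archive(data, size, digest)
```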