On Sat, 2014-01-11 at 23:09 -0700, Taylor Hornby wrote:
> I noticed that the TrueCrypt package is downloaded over an insecure FTP
> connection and then only verified using MD5 hashes.
>
> https://projects.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/truecrypt
>
> There are practical collision attacks against MD5. This means an
> adversary (e.g. the NSA) can construct two versions of the truecrypt
> binaries, one malicious and one not, which have the same MD5 hash. They
> can silently replace the file being downloaded with the malicious
> version and the change will not be detected.
>
> This should be fixed to use SHA256 hashes, like the Firefox package:
>
> https://projects.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/firefox
>
> How can I help make it use SHA256 instead of MD5? I'm relatively new to
> arch, so I'm not familiar with what it takes to change something in the
> repos. Any advice would be appreciated.
>
> Are there other packages still being verified with MD5? Can we fix them
> too? I'll gladly donate my time if it's not something that can be automated.
>
> Thanks,

Salutations!

Perhaps I'm not strong enough in mathematics, but I'd like to know how possible md5 collisions can be weaponized. From what I see, the idea would be to modify a binary such that it contains malicious code (without changing the md5sum). Since most security packages contain a number of compilation tests and md5 hashes vary significantly with slight modifications, I'd like to know how these collisions can be used to hijack a system. If one has to build a binary that doesn't even encompass the functionality of the binary it's trying to mimic, wouldn't that severely decrease the effectiveness of a hash collision?

Regards,
Mark

-- 
Mark Lee <mark@xxxxxxxxxxxx>
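As an added example (not part of this thread, and not the Arch truecrypt or firefox PKGBUILD it links to), this is the kind of check makepkg performs when a package declares `sha256sums=()` instead of `md5sums=()`: a POSIX shell function that compares a file's SHA-256 digest with the digest recorded by the packager and rejects a file whose contents changed in transit. The file names, contents and recorded digest are constructed here for the demonstration; `sha256sum` and `mktemp` are the usual coreutils tools.

```shell
#!/bin/sh
# Added example: SHA-256 source verification in the style of makepkg's
# sha256sums=() handling. Illustrative only; not the Arch PKGBUILD code.

# sha256_of FILE
# Prints the hex SHA-256 digest of FILE (first field of sha256sum output).
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 if FILE's SHA-256 digest equals EXPECTED_HEX, 1 otherwise.
# This is the comparison a PKGBUILD's sha256sums=() entry is checked against
# before the source is unpacked and built.
verify_sha256() {
    file=$1
    expected=$2
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "$file: SHA-256 OK"
        return 0
    else
        echo "$file: SHA-256 MISMATCH (expected $expected, got $actual)" >&2
        return 1
    fi
}

# Constructed sample input standing in for a downloaded source tarball.
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
sample="$tmpdir/sample-source.tar.gz"
printf 'not a real tarball\n' > "$sample"

# The packager records this digest once, from a copy they trust, and pastes
# it into sha256sums=() in the PKGBUILD.
good_sum=$(sha256_of "$sample")

# A file altered on the way down (constructed here) must fail the check.
tampered="$tmpdir/sample-source-tampered.tar.gz"
printf 'not a real tarball\nextra bytes\n' > "$tampered"

# Stand-alone usage: the first check passes, the second is rejected.
verify_sha256 "$sample" "$good_sum"
if verify_sha256 "$tampered" "$good_sum"; then
    echo "unexpected: tampered file accepted" >&2
fi
```

The digest only protects integrity if it was recorded from a trusted copy and the PKGBUILD carrying it reaches the builder through a trusted channel; switching the hash function fixes the weak comparison in the thread's bug report but does not make the FTP download itself secure.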