security of the lookaside cache (was: frafra uploaded yumex-dnf-4.1.6.tar.gz for yumex-dnf)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tim Lauridsen wrote:
> How do i handle a situation where someone, without my knowledge
> uploads new sources to one of my projects. It could be a security
> problem ?

While I trust that Francesco had only good intentions, the general
question remains: Is it possible to modify a package without commit
access by uploading a modified source tarball to the lookaside cache?

Without commit access to Git the attacker couldn't edit the sources
file, so – assuming that everything that uses the lookaside cache
bothers to verify the checksum – the attacker would have to forge a
tarball that has the same MD5 hash as the original. That is an attack
on the second-preimage resistance of MD5.

Practical collision attacks on MD5 have existed for more than a decade,
but to the best of my knowledge no practical second-preimage attack is
known yet. Thus it's probably not practically possible to do this at
this time, except maybe to certain well-funded government agencies
around the world, who may have made further advances attacking MD5 than
the open cryptographic community has.

But still, why are we still using MD5?

Björn Persson

Attachment: pgpZqpEA8E7I1.pgp
Description: OpenPGP digital signatur

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux