On Sat, Mar 15, 2014 at 07:17:02PM -0400, Joey Hess wrote:
> Here's a feasible attack on obnam due to its use of md5.

I agree that this attack would work. It's not exactly likely (MD5 collisions are still not trivial, in my understanding, to generate), but it's clear Obnam needs to switch.

If I change the checksum now, all existing Obnam backup repositories become unusable. Luckily, the big code change in version 1.7, just released, is to allow Obnam to support more than one repository format, allowing me to make changes there. Unluckily, it'll be a while before I can make a stable new repository format, since there's now a laundry list of things that should be addressed, so this bug'll stay open for a while.

> I would also recommend parameterizing the hash used by obnam, so that
> if whatever hash you choose gets broken later, it can easily switch to
> its replacement.

Absolutely. No hash is safe from attacks in the long run, so parameterising is a necessary new feature in the next repository format.

-- 
http://www.cafepress.com/trunktees -- geeky funny T-shirts
http://gtdfh.branchable.com/ -- GTD for hackers
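
A sketch of what a parameterised checksum can look like, added here as an illustration; it is not part of the message above and not Obnam's code or repository format. The `algorithm:hexdigest` layout, the policy tables and all function names are assumptions made for the example.

```python
import hashlib
import hmac

# Hypothetical policy for this sketch; not Obnam's repository format.
SUPPORTED = {"md5": hashlib.md5, "sha256": hashlib.sha256, "sha512": hashlib.sha512}
DEPRECATED = {"md5"}          # still readable in old entries, never written again
DEFAULT_ALGORITHM = "sha256"  # assumed default for newly written entries


class UnsupportedChecksum(ValueError):
    """Raised for an unknown, malformed or write-forbidden algorithm."""


def make_checksum(data: bytes, algorithm: str = DEFAULT_ALGORITHM) -> str:
    """Return a self-describing checksum such as 'sha256:ab12...'."""
    if algorithm not in SUPPORTED or algorithm in DEPRECATED:
        raise UnsupportedChecksum(f"refusing to write with {algorithm!r}")
    return f"{algorithm}:{SUPPORTED[algorithm](data).hexdigest()}"


def parse_checksum(stored: str):
    """Split a stored value into (algorithm, digest); reject anything unknown."""
    algorithm, sep, digest = stored.partition(":")
    if not sep or not digest or algorithm not in SUPPORTED:
        raise UnsupportedChecksum(f"unsupported checksum {stored!r}")
    return algorithm, digest.lower()


def verify(data: bytes, stored: str) -> bool:
    """Recompute with the algorithm named in the stored value and compare."""
    algorithm, digest = parse_checksum(stored)
    actual = SUPPORTED[algorithm](data).hexdigest()
    return hmac.compare_digest(actual, digest)


def needs_rehash(stored: str) -> bool:
    """True when an entry should be rewritten with the current default."""
    algorithm, _ = parse_checksum(stored)
    return algorithm in DEPRECATED or algorithm != DEFAULT_ALGORITHM


def migrate(data: bytes, stored: str) -> str:
    """Verify an old entry, then return its replacement checksum."""
    if not verify(data, stored):
        raise ValueError("stored checksum does not match data")
    return make_checksum(data) if needs_rehash(stored) else stored
```

Because the algorithm name travels with every digest, replacing a broken hash becomes a change to the policy tables plus a rehash pass, and old entries stay readable while they are migrated.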