On Wed 2019-10-23 01:28:42 +0200, Thomas Schmitt wrote:
> Daniel Kahn Gillmor wrote:
>> but it's known to be relatively easy to find collisions in MD5.
>
> It is suspected that it is possible to construct byte strings which
> produce a desired particular MD5 value.

I think you're describing a preimage attack.  I was talking about a
collision attack, which is significantly easier to perform than a
preimage attack.  For MD5, it is not "suspected" to be a problem, it is
closer to "can be done in less than a second on scavenged hardware".

For more details, see https://eprint.iacr.org/2013/170.pdf

> But when matching the lines of two tables by a key you have to consider
> hash table theory and especially the birthday paradox. A short excursion
> on Wikipedia lets me estimate that the chance for an MD5 collision among
> 1 billion .deb files is about 1 - e exp -1e-20.
> Regrettably i found no calculator which would not say 0 as result.

Sorry, i'm not following this argument.  We're not talking about random
chance -- we're talking about adversarial attack.

> The cryptographic check is to be done on .jigdo and .template before
> the run of jigdo-lite, and on .iso afterwards.

If "cryptographic check" means "OpenPGP signature verification" then i
agree that MD5 isn't relevant here.  But i don't think that jigdo
actually does that check, does it?

If "cryptographic check" refers to verification of the MD5sum, then it's
a mistake to use MD5 in 2019.

If the idea is that MD5 is used for speed, full SHA256 is indeed a bit
slower than MD5 ("openssl speed md5 sha256" suggests to me that SHA256
operations take roughly twice as long as MD5 operations).  But unless
you're on a blazing fast Internet connection, the delay of downloading
is likely much much larger than the computational cost of sha256.  (and
if you're on a blazing fast Internet connection, you probably don't need
jigdo anyway)

> Steve. You should now face your critics. I did what i could as lowly user
> of Debian and disorganized upstream of xorriso.

I don't think you're "lowly" at all, Thomas!  And i'm not a "critic" of
Steve's.  This discussion isn't meant to be personal in any way.

I really appreciate the work you've done (and continue to do) on
xorriso, and i appreciate the work Steve has done (and continues to do)
across the entire Debian project :)

But I'm concerned that jigdo's lack of maintenance has negative effects
on the rest of the Debian ecosystem, and i'd really like to get that
cleaned up one way or another.

If there are a lot of active users of jigdo, then there needs to be
comparably active maintenance.  If there aren't a lot of users (or if
other techniques for mirroring optical media, like bittorrent, are
better-maintained), then maybe it's time to retire jigdo and let people
use their limited energies on other projects.

Regards,

    --dkg

Attachment: signature.asc
Description: PGP signature
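
Added example (not part of the original message, and not jigdo code): a small Python measurement of the MD5 versus SHA256 speed trade-off discussed above, set against download time. The function names, the 4.7 GB image size and the 100 Mbit/s link speed are assumptions chosen for illustration.

```python
import hashlib
import time


def throughput(algo: str, buf: bytes, rounds: int = 8) -> float:
    """Measured hashing throughput in bytes/second for one hashlib algorithm."""
    h = hashlib.new(algo)
    start = time.perf_counter()
    for _ in range(rounds):
        h.update(buf)
    h.digest()
    elapsed = time.perf_counter() - start
    return rounds * len(buf) / max(elapsed, 1e-9)


def download_seconds(size_bytes: int, link_mbit_s: float) -> float:
    """Transfer time at a given link speed, ignoring protocol overhead."""
    return size_bytes * 8 / (link_mbit_s * 1_000_000)


def hash_share(size_bytes: int, link_mbit_s: float, bytes_per_s: float) -> float:
    """Hashing time as a fraction of the download time for the same data."""
    return (size_bytes / bytes_per_s) / download_seconds(size_bytes, link_mbit_s)


def break_even_mbit_s(bytes_per_s: float) -> float:
    """Link speed at which hashing would take as long as downloading."""
    return bytes_per_s * 8 / 1_000_000


if __name__ == "__main__":
    sample = bytes(4 * 1024 * 1024)   # constructed sample data (4 MiB of zeros)
    image_size = 4_700_000_000        # assumed DVD-sized image
    link = 100.0                      # assumed link speed in Mbit/s
    print(f"download at {link:.0f} Mbit/s: "
          f"{download_seconds(image_size, link):.0f} s")
    for algo in ("md5", "sha256"):
        rate = throughput(algo, sample)
        print(f"{algo:7s} {rate / 1e6:8.0f} MB/s  "
              f"hash time = {100 * hash_share(image_size, link, rate):.2f}% "
              f"of download, break-even link = "
              f"{break_even_mbit_s(rate):.0f} Mbit/s")
```

The throughput figures depend on the machine it runs on; the break-even column shows how fast a link would have to be before hashing, rather than transfer, becomes the slower step.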
