Hi,

Daniel Kahn Gillmor wrote:
> We're not talking about random chance -- we're talking about adversarial
> attack.

The MD5s in .jigdo and .template are not intended to counter an attack.
They serve as keys that relate items of the two files, and they serve as a
transport check (where other protocols have things like CRC32, which is
easier to understand but far from as good as MD5).


> If "cryptographic check" refers to verification of the MD5sum, then it's
> a mistake to use MD5 in 2019.

Believe me that i know what is currently considered safe and what is not.
(Harder is to convince myself that allegedly-safe is really safe.)

My advice for protecting against counterfeit ISOs is to apply the
verification chain of SHA512SUMS.sign and SHA512SUMS, which regrettably is
not yet documented as a whole by Debian, but scattered across
  https://www.debian.org/CD/faq/#verify
  https://www.debian.org/CD/verify
and which still does not give all the info needed for interpreting gpg output.
I try to propose a complete verification procedure in
  https://wiki.debian.org/JigdoOnLive#Verify_the_Debian_Live_download
and repeat it in sparser form after each download step
  https://wiki.debian.org/JigdoOnLive#If_needed.2C_work_around_a_shortcoming_of_older_jigdo-lite
  https://wiki.debian.org/JigdoOnLive#Verify_the_downloaded_ISOs


> > Steve. You should now face your critics. I did what i could as lowly user
> > of Debian and disorganized upstream of xorriso.

> I don't think you're "lowly" at all, Thomas!  And i'm not a "critic" of
> Steve's.  This discussion isn't meant to be personal in any way.

No offense taken. I am happy with being part of the bread slices around
the Debian ISO production sandwich.

Of course, i do not perceive your criticism towards jigdo as personal
towards me or Steve McIntyre. It is just that the problem you cope with is
in the sausage-and-salad layers of ISO production. And that is Steve's
realm.
(For example, how to obtain in
   https://sources.debian.org/src/debian-cd/3.1.26/tools/grab_md5/
 the path of the .deb file in order to compute the MD5 by one's own means,
 without relying on package management information.)


> But I'm concerned that jigdo's lack of maintenance has negative effects
> on the rest of the debian ecosystem, and i'd really like to get that
> cleaned up one way or another.

I propose to change grab_md5 so that it does not expect MD5s in package
management information but rather computes them with md5sum.

This would enable a solution to bug #942893 without creating the need
for a format change in .jigdo and .template, and without the need for
testing for subtle regressions.


Have a nice day :)

Thomas
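
The verification chain Thomas describes above (check the detached signature on SHA512SUMS, interpret gpg's output, then compare the ISO's SHA-512 against the file) as an added shell example. This is not code from the mailing-list post, from the Debian wiki pages linked above, or from debian-cd; it is an illustration written for this page. It assumes gpg's machine-readable `--status-fd` output is what gets interpreted (rather than the human-readable messages), and the key fingerprint `EXPECTED_FPR` is a placeholder, not a real Debian signing key: substitute the fingerprint of the actual Debian CD signing key, obtained out of band. The sample status lines are constructed for the example.

```shell
#!/bin/sh
# Added example: a verification chain for a downloaded Debian ISO.
#   1. gpg verifies SHA512SUMS.sign against SHA512SUMS (status lines on fd 1)
#   2. the status lines are checked for VALIDSIG by the expected key
#   3. only then is the ISO's SHA-512 compared with its SHA512SUMS entry

# PLACEHOLDER fingerprint (not a real key). Replace with the Debian CD
# signing key fingerprint, obtained from a trusted out-of-band source.
EXPECTED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# Constructed gpg --status-fd output for a good signature by that key.
GOOD_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Placeholder signer <nobody@example.invalid>
[GNUPG:] VALIDSIG $EXPECTED_FPR 2019-10-28 1572276000 0 4 0 1 10 00 $EXPECTED_FPR
[GNUPG:] TRUST_UNDEFINED 0 pgp"

# Constructed gpg --status-fd output for a bad signature.
BAD_STATUS="[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 Placeholder signer <nobody@example.invalid>"

# Read gpg status lines from stdin; succeed only if a VALIDSIG line names the
# expected fingerprint ($1) as signing key or primary key, and no explicit
# failure line (BADSIG, ERRSIG, expired/revoked key, missing key) is present.
# GOODSIG alone is not enough: it does not say *which* key signed.
check_gpg_status() {
    expected="$1"
    status=$(cat)
    if printf '%s\n' "$status" | \
       grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)'; then
        return 1
    fi
    # VALIDSIG <fpr> <date> <ts> <expire> <ver> <rsv> <pkalgo> <hashalgo> <class> [<primary-fpr>]
    printf '%s\n' "$status" | awk -v want="$expected" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# SHA-512 of a file, as a hex string (coreutils sha512sum or perl shasum).
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{ print $1 }'
    else
        shasum -a 512 "$1" | awk '{ print $1 }'
    fi
}

# Compare the SHA-512 of file $2 with its entry in the sums file $1.
# Entries look like "<hex>  name" or "<hex> *name" (binary mode).
# Returns 2 when the file has no entry at all: that is not a pass.
verify_sum() {
    sums="$1"; iso="$2"
    name=$(basename "$iso")
    want=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$sums")
    [ -n "$want" ] || return 2
    got=$(sha512_of "$iso")
    [ "$got" = "$want" ]
}

# Whole chain: signature first, checksum second. Never the other way round,
# since an unsigned or mis-signed SHA512SUMS proves nothing about the ISO.
verify_download() {
    sums="$1"; sig="$2"; iso="$3"; fpr="$4"
    gpg --batch --status-fd 1 --verify "$sig" "$sums" 2>/dev/null \
        | check_gpg_status "$fpr" || return 1
    verify_sum "$sums" "$iso"
}
```

Usage, in the directory holding the three downloaded files: `verify_download SHA512SUMS SHA512SUMS.sign debian-live-11.0.0-amd64-standard.iso "$EXPECTED_FPR"` (the ISO name is whatever you downloaded). The reason for parsing VALIDSIG rather than trusting gpg's exit code or the "Good signature" message is the point Thomas raises about interpreting gpg output: a signature can be cryptographically good yet made by some other key, and only the fingerprint on the VALIDSIG line settles that.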
