> On 2005-07-25 08:41, [EMAIL PROTECTED] wrote: >> And yes: Adding another Checksum wouldn't prevent an Attacker to recrete >> these files and replace them. But the chance isn't very high that an >> attackler could own 3 or 4 different Servers in different networks at >> the >> same time. So every user would be able to compare the Checksums with >> checksums stored in a file on another server. > > Wouldn't it be easier to just download the MD5-files from more than one > mirror then and compare them? This, of course, requires than the master > site isn't comprimised but othervise I think it's just as good as more > checksums.
That is no protection againste the kinf of attack I'm talking about because the MD5-Checksumm will be the same even the content of the file has changed. Such an attack can't be detected by the algorithm (otherwise it wouldn't be an attack, or?). The only prevention would be a digital signature or more Checksums (rmd160+sha1+filesize). So it must have a reason why every distinfo contains 3 checksums and the filesize. So I wonder why the BASE-Files wich are needed to install the OS are not "protected" with such a mechanism. That would allow the enduser (huhu, hello... here I am ,) ) to compare the different checksums with: a) the files I downloaded b) with other servers because these files could have been replaced by an attackera MD5 is brocken like rmd160 and sha1. But to make an attack vs. all the 3 algorithms seams to be impossible (for now..). And it's much harder to not change e.g. the file-size if you created a collision against all of the algorithms (worst-case). I hope I where bale to explain why just MD5 isn't enought to make sure that nothings happened with the files. And even I was not able to explain it it shouldn't be that problem to include rmd160 and sha1 checksums too (and if you've some time left maybe also the file-size?). Kind regards, Sebastian
