Updates usually run automatically in the background, including from PPAs, and are unencrypted. This means a man-in-the-middle can gain root access, just by inserting their own version of one of the packages into this network traffic, because updates run as root. They can first obtain the public 1024 bit key from the PPA, then spend as long as they want working out the private key, then sign their false updates with the real private key.
A bug that allows complete compromise of most Ubuntu machines without requiring any user involvement is a very serious bug. Why hasn't this even been assigned to anyone, nearly 2 years after it was reported? This makes many PPAs unusable. https://en.wikipedia.org/wiki/Key_size#Asymmetric_algorithm_key_lengths 'RSA claims that 1024-bit keys are likely to become crackable some time between 2006 and 2010' https://www.symantec.com/page.jsp?id=1024-bit-migration-faq#issue In compliance with Certification Authority/Browser forum requirements based on NIST Special Publication 800-131A, at the end of 2013 all web browsers and Certification Authorities (CAs) will no longer sell or support 1024-bit RSA certificates. All certificates less than 2048-bit key length will need to be revoked and replaced with certificates with a higher encryption strength. Network connections are secured with at least 2048 bits. Installing software allows root access and should probably be secured with at least 4096 bits. Any system using keys has to have a way to change to a new key, that's a basic requirement. You could force all 1024 bit keys to 4096 bits - this might break existing updates, but they are already 'broken' by being vulnerable. Or sign with 2 keys, so a new subscriber will only use the newer one, but old subscribers who don't do anything about it will still use the old key. Or re-issue the entire PPA namespace, ie ppa2:... Or do some other such thing, eg update the client to include a newer protocol version number in its requests. A simple workaround for launchpad to apply would be to change the urls in files in /etc/apt/sources.list.d/ to use https://ppa.launchpad.net/ instead of http://ppa.launchpad.net/ (and change the server to support it). This would only need to be done for any PPA still using a 1024 bit key. Then at least the packages would be authenticated by TLS, which already uses 2048 bit keys. ** Also affects: launchpad Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1461834 Title: 1024-bit signing keys should be deprecated Status in Launchpad itself: New Status in apt package in Ubuntu: Confirmed Bug description: 1024-bit RSA was deprecated years ago by NIST[1], Microsoft[2] and more recently by others[3]. 1024-bit signing keys are insufficient to guarantee the authenticity of software distributed from Launchpad.net including PPAs. There should be a mechanism to refuse signing keys below a minimum key length based on key type. 1024-bit signing keys should be deprecated and removed from Launchpad.net itself ASAP. Future projects and PPAs should be disallowed from using 1024-bit signing keys. 1. http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf 2. http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx 3. https://threatpost.com/mozilla-1024-bit-cert-deprecation-leaves-107000-sites-untrusted/108114 To manage notifications about this bug go to: https://bugs.launchpad.net/launchpad/+bug/1461834/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
