This is the mail archive of the cygwin mailing list for the Cygwin project.
Re: How Cygwin counters man-in-the-middle (MITM) attacks
- From: "David A. Wheeler" <dwheeler at dwheeler dot com>
- To: "cygwin" <cygwin at cygwin dot com>, "Stromeko" <Stromeko at nexgo dot de>
- Date: Mon, 09 Mar 2015 11:34:15 -0400 (EDT)
- Subject: Re: How Cygwin counters man-in-the-middle (MITM) attacks
- Authentication-results: sourceware.org; auth=none
- Reply-to: dwheeler at dwheeler dot com
On Sun, 08 Mar 2015 20:44:30 +0100, Achim Gratz <Stromeko@nexgo.de> wrote:
> Setup.ini also records the file size, so a successful attack would need
> to pack a malicious payload into a valid archive of the same size and the
> same MD5 checksum. I think that is a much taller order than simply
> creating a hash collision.
That is harder, but I wouldn't trust it.
In 2004 it was shown that MD5 is not collision resistant, and the attacks just keep getting worse. A quick check at the Wikipedia page about MD5 shows the sorry state of MD5. The Software Engineering Institute (SEI) puts it pretty baldly: MD5 "should be considered cryptographically broken and unsuitable for further use". You want to use known-strong crypto, not known-busted crypto.
Besides, there are easily-available, much-stronger alternatives, in particular SHA-2 (SHA-512 is part of SHA-2). It's already supported in the current Cygwin installer.
I recommend that Cygwin switch to SHA-512 soon. It'll require that everyone update their installer to do future updates, but the installer download has been secured. Then Cygwin can include in their FAQ a reasonable justification that its download and update process is secure.
--- David A. Wheeler
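An added example, not part of the original message and not the Cygwin installer's code: a verifier that checks a downloaded archive against a manifest entry's size and SHA-512 digest and refuses MD5-length digests outright. The `install: <path> <size> <hex digest>` line layout, the function names and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac

# Hex digest length -> algorithm label. MD5 is recognised only to be refused.
DIGEST_BY_HEXLEN = {32: "md5", 128: "sha512"}
ACCEPTED = {"sha512"}


def parse_install_line(line):
    """Parse 'install: <path> <size> <hex digest>' (assumed layout)."""
    key, _, rest = line.partition(":")
    fields = rest.split()
    if key.strip() != "install" or len(fields) != 3:
        raise ValueError("not an install line: %r" % line)
    path, size, digest = fields
    digest = digest.lower()
    algo = DIGEST_BY_HEXLEN.get(len(digest))
    bad_hex = set(digest) - set("0123456789abcdef")
    if not size.isdigit() or algo is None or bad_hex:
        raise ValueError("malformed size or digest field")
    return path, int(size), algo, digest


def verify_package(install_line, data):
    """Return (ok, reason) for archive bytes checked against a manifest line."""
    _path, size, algo, expected = parse_install_line(install_line)
    if algo not in ACCEPTED:
        return False, "weak digest (%s) refused" % algo
    if len(data) != size:
        return False, "size mismatch"
    actual = hashlib.new(algo, data).hexdigest()
    if not hmac.compare_digest(actual, expected):
        return False, "digest mismatch"
    return True, "ok"


# Constructed sample data, not a real Cygwin package or manifest entry.
SAMPLE = b"constructed archive bytes"
PATH = "x86_64/release/demo/demo-1.0-1.tar.xz"
GOOD_LINE = "install: %s %d %s" % (PATH, len(SAMPLE), hashlib.sha512(SAMPLE).hexdigest())
MD5_LINE = "install: %s %d %s" % (PATH, len(SAMPLE), "0" * 32)

if __name__ == "__main__":
    print(verify_package(GOOD_LINE, SAMPLE))                  # accepted
    print(verify_package(MD5_LINE, SAMPLE))                   # MD5 entry refused
    print(verify_package(GOOD_LINE, SAMPLE[:-1] + b"X"))      # same size, altered
```

The last call alters the archive without changing its length, so the size check passes and only the SHA-512 comparison catches the change.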