gpg signatures for release tarballs

Andreas Köhler andi5.py at gmx.net
Wed Mar 5 18:20:42 EST 2008


Hi,

Am Dienstag, den 04.03.2008, 19:25 -0800 schrieb Alexander Sotirov:
> On Mon, Mar 03, 2008 at 09:02:59PM +0100, Andreas K?hler wrote:
> > As you can see the GnuCash 2.2.4 release announcement contained md5sums
> > and was signed with my private gpg key.  I hope that is better than
> > before.
> 
> This is certainly better than nothing, but the MD5 algorithm has been broken
> and should not be used in the way you're using it. An MD5 collision attack can
> be used to generate two tar.gz files with different contents and the same MD5
> hash. Even if a user verifies your signature of the release announcement and
> checks the MD5 signature, there is no guarantee that the file has not been
> replaced with a malicious one.

Two tar.gz files with the same MD5 checksum are not necessarily
dangerous per se, unless you think that I distribute a pair of good and
bad tarballs :-D  Even rainbow tables would only help to recover the
plain source code ;-)

> See http://www.mathstat.dal.ca/~selinger/md5collision/ for more details.
> 
> Instead of signing the MD5 hashes, you should sign the tar.gz files with:

Why *should* I?  Of course, I could, but an open question for me is the
benefit.  Once we put in strong cryptography, the focus will move to
another point that might look attractive to a potential attacker.  In
the end, I think it might even now be more feasible to try to hack into
gnucash.org or my computer and muddle things up there than trying to
generate tarballs or win32 executables to a given md5 checksum.  All I
do is checking out from the central repository and using what is found
here at /usr/bin/make to create two files.  That is what you can do as
well and then you would have an even better "security" than what I can
provide you with.

But maybe I just do not understand the issue.

-- andi5

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://lists.gnucash.org/pipermail/gnucash-devel/attachments/20080306/fcd9bec0/attachment.bin 


More information about the gnucash-devel mailing list