A possible step toward integrity measurement for Fedora [LWN.net]

A possible step toward integrity measurement for Fedora

Posted Jan 8, 2021 23:15 UTC (Fri) by rahulsundaram (subscriber, #21946)
In reply to: A possible step toward integrity measurement for Fedora by amacater
Parent article: A possible step toward integrity measurement for Fedora

> I may be very wrong here. Am I right in thinking that Fedora and Red Hat still rely largely on SHA-1 and MD5 for verification? If so, addidional signatures may help as an additional validation step.

This hasn't been true in well over a decade

https://fedoraproject.org/wiki/Features/StrongerHashes

A possible step toward integrity measurement for Fedora

Posted Jan 9, 2021 9:22 UTC (Sat) by Wol (subscriber, #4433) [Link] (5 responses)

> > I may be very wrong here. Am I right in thinking that Fedora and Red Hat still rely largely on SHA-1 and MD5 for verification? If so, addidional signatures may help as an additional validation step.

> This hasn't been true in well over a decade

And to what extend is it relevant? How easy is it to produce a signature collision with those hashes? Sorry I haven't been following it particularly, but producing a collision is harder than just breaking the hash. Or have they now got automated "hack a collision" malware out there now?

Cheers,
Wol

A possible step toward integrity measurement for Fedora

Posted Jan 9, 2021 10:15 UTC (Sat) by dtlin (subscriber, #36537) [Link] (1 responses)

MD5 is broken to the extent that chosen prefix collisions can be found on commodity hardware. https://github.com/corkami/collisions

SHA-1 isn't *that* broken yet, but it's getting there. https://sha-mbles.github.io/

A possible step toward integrity measurement for Fedora

Posted Jan 9, 2021 11:44 UTC (Sat) by Wol (subscriber, #4433) [Link]

Ah. Not good ...

Cheers,
Wol

A possible step toward integrity measurement for Fedora

Posted Jan 9, 2021 12:47 UTC (Sat) by Sesse (subscriber, #53779) [Link] (2 responses)

> Sorry I haven't been following it particularly, but producing a collision is harder than just breaking the hash

Producing a collision is typically the _easiest_ attack that would be considered breaking the hash, no?

A possible step toward integrity measurement for Fedora

Posted Jan 10, 2021 19:28 UTC (Sun) by iabervon (subscriber, #722) [Link] (1 responses)

"Breaking the hash" is most often when an attacker can produce two inputs that collide, one that will be deemed acceptable by an authority and one which is malicious. In context, "producing a collision" would be coming up with an RPM with the same hash as an RPM the attacker didn't have any influence over, which is significantly harder, but is possible now for MD5 and will probably soon be possible for SHA1.

A possible step toward integrity measurement for Fedora

Posted Jan 10, 2021 20:13 UTC (Sun) by Creideiki (subscriber, #38747) [Link]

The literature usually uses "second preimage attack" for finding a message with a given hash, and "collision attack" for finding two messages with the same hash.