
Re: [bug-gawk] Need the MD5 Hash Code for GAWK


From: Nelson H. F. Beebe
Subject: Re: [bug-gawk] Need the MD5 Hash Code for GAWK
Date: Wed, 2 Sep 2015 06:22:00 -0600

Arnold responds to a request for MD5 checksums of gawk packages, and
writes

>> There are .sig files associated with the tarballs on the GNU ftp site.
>> I don't know the appropriate PGP magic to use them, ...

The last available source code for PGP is rather old (18-Feb-2003),
and it cannot handle some of the new signature formats.  Also, it
won't compile with current C compilers.  However, in general, you can
run any of the commands

        % pgp  foo.sig
        % gpg  foo.sig
        % gpg2 foo.sig

to validate a detached signature for file foo with any of three
privacy-guard utilities.

Here are two examples with old, and recent, signatures:

        % pgp gawk-3.1.4.tar.gz.sig
        Pretty Good Privacy(tm) Version 6.5.8
        (c) 1999 Network Associates Inc.

        Export of this software may be restricted by the U.S. government.

        File 'gawk-3.1.4.tar.gz.sig' has signature, but with no text.
        Text is assumed to be in file 'gawk-3.1.4.tar.gz'.
        Good signature from user "Arnold Robbins (Package Sign Key) <address@hidden>".
        Signature made 2004/08/22 14:06 GMT

        % pgp gawk-4.1.2.tar.lz.sig
        Pretty Good Privacy(tm) Version 6.5.8
        (c) 1999 Network Associates Inc.

        Export of this software may be restricted by the U.S. government.

        File 'gawk-4.1.2.tar.lz.sig' has signature, but with no text.
        Text is assumed to be in file 'gawk-4.1.2.tar.lz'.
        WARNING: Bad signature, doesn't match file contents!

        Bad signature from user "Arnold Robbins <address@hidden>".

That signature is NOT bad, it is just not recognized by pgp.  

By contrast, gpg is happy with it:

        % gpg gawk-4.1.2.tar.lz.sig
        gpg: assuming signed data in `gawk-4.1.2.tar.lz'
        gpg: Signature made Wed Apr 29 01:37:11 2015 MDT using RSA key ID 937EC0D2
        gpg: Good signature from "Arnold Robbins <address@hidden>"
        gpg: WARNING: This key is not certified with a trusted signature!
        gpg:          There is no indication that the signature belongs to the owner.
        Primary key fingerprint: D196 7C63 7887 1317 7D86  1ED7 DF59 7815 937E C0D2

I routinely verify package signatures with pgp, gpg, and gpg2, and
that is certainly better than just having a file checksum, because the
latter could have been modified by an attacker who replaced a package
with a trojaned one.  Of course, many package maintainers post
checksums to e-mail lists when new releases are announced, cutting off
that attack.

It should be noted that it was demonstrated in 2012 that MD5 checksums
can be forged:

        Crypto breakthrough shows Flame was designed by world-class scientists
        http://arstechnica.com/security/2012/06/flame-crypto-breakthrough/

See also the 2004 paper

        Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD
        http://eprint.iacr.org/2004/199.pdf

Because of attacks against particular checksum algorithms, I routinely
include other checksums with software distributions, including MD5,
RIPEMD-160, and SHA-1, and then package those in a digitally-signed
file; see for example

        ftp://ftp.math.utah.edu/pub/emacs
        http://www.math.utah.edu/pub/emacs

The chances of three different checksum algorithms being
simultaneously attacked are vanishingly small.

Digital signature software is written to try to thwart such attacks,
and allows the signature algorithm to be changed when the signature is
first made.

So, instead of just asking for MD5 checksums, ask instead for
digitally-signed files.

For more on this topic, see

        http://www.math.utah.edu/~beebe/PGP-notes.html

-------------------------------------------------------------------------------
- Nelson H. F. Beebe                    Tel: +1 801 581 5254                  -
- University of Utah                    FAX: +1 801 581 4148                  -
- Department of Mathematics, 110 LCB    Internet e-mail: address@hidden  -
- 155 S 1400 E RM 233                       address@hidden  address@hidden -
- Salt Lake City, UT 84112-0090, USA    URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------
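
An added example, not part of the original message: the gpg output above reports a good signature but warns that the key is not certified, so a script can pin the fingerprint printed there and accept only signatures whose `VALIDSIG` status line names it. The function names and the strict policy of rejecting on any bad, expired or revoked status are assumptions of this example.

```shell
#!/bin/sh
# Added example: accept a detached signature only if gpg reports it valid AND
# made by a pinned key. Fingerprint copied from the gpg output in the message.
EXPECTED_FPR="D196 7C63 7887 1317 7D86 1ED7 DF59 7815 937E C0D2"

# Strip spaces and upper-case hex so printed and machine forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# check_status FPR: read `gpg --status-fd` lines on stdin.
# Succeeds only when a VALIDSIG line names FPR as the signing key ($3) or the
# primary key (last field), and no bad/expired/revoked status was reported.
# (Strict policy chosen for this example: any such status rejects the file.)
check_status() {
    want=$(normalize_fpr "$1")
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { ok = 1 }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# verify_pinned SIGFILE DATAFILE: run gpg and apply the check above.
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        check_status "$EXPECTED_FPR"
}

# Stand-alone use: sh verify.sh gawk-4.1.2.tar.lz.sig gawk-4.1.2.tar.lz
if [ "$#" -eq 2 ]; then
    if verify_pinned "$1" "$2"; then
        echo "OK: valid signature from pinned key"
    else
        echo "FAILED: no valid signature from pinned key" >&2
        exit 1
    fi
fi
```

The pinned fingerprint should be obtained over a channel independent of the download site, since the check is only as trustworthy as the source of that value.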


